Serge Hallyn

5 exploits Active since Oct 2011
CVE-2015-1331 WRITEUP WRITEUP
LXC < 1.1.2 - Arbitrary File Creation via Symlink Attack on /run/lock/lxc/*
lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*.
CVE-2015-1335 WRITEUP WRITEUP
lxc <1.0.8, <1.1.4 - Privilege Escalation
lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.
CVE-2015-1342 WRITEUP WRITEUP
LXCFS <0.12 - Privilege Escalation
LXCFS before 0.12 does not properly enforce directory escapes, which might allow local users to gain privileges by (1) querying or (2) updating a cgroup.
CVE-2015-1344 WRITEUP WRITEUP
LXCFS <0.12 - Privilege Escalation
The do_write_pids function in lxcfs.c in LXCFS before 0.12 does not properly check permissions, which allows local users to gain privileges by writing a pid to the tasks file.
CVE-2011-2189 EXPLOITDB HIGH text WORKING POC
Linux Kernel < 2.6.32 - Denial of Service via Network Namespace Creation
net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd.
CVSS 7.5