CVEs-PoC/2016/CVE-2016-3096.md at d23bb0d44cd0f6e90faec0da35d3754d8e9ec182

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-02 08:35:21 +02:00

Files

T

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.

POC

Reference

https://github.com/ansible/ansible-modules-extras/pull/1941
https://github.com/ansible/ansible-modules-extras/pull/1941/commits/8c6fe646ee79f5e55361b885b7efed5bec72d4a4

Github

https://github.com/ARPSyndicate/cvemon

988 B Raw Blame History

CVE-2016-3096

Description

POC

Reference

Github

988 B

Raw Blame History