CVE-2015-1328 - overlayfs privilege escalation


Severity

High

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 14.04 LTS with 3.16 kernel

Description

Philip Pettersson discovered a privilege escalation flaw when overlayfs mounts are used inside user namespaces. A local user could exploit it to gain administrative privileges on the system.

Affected Pivotal Products and Versions

Severity is high unless otherwise noted.

  • Pivotal Cloud Foundry Elastic Runtime 1.4.4 and prior
  • Any Cloud Foundry deployment with Ubuntu Trusty BOSH stemcell prior to version 2989

Mitigation

Users of affected versions should apply the following mitigations:

  • The Cloud Foundry project recommends upgrading all Cloud Foundry deployments to BOSH stemcell 2989 or later.
  • Pivotal recommends that customers upgrade to Pivotal Cloud Foundry Elastic Runtime version 1.4.5 or later from Pivotal Network.

Credit

Philip Pettersson

References