Red Hat Bugzilla – Bug 921448
CVE-2013-1858 kernel: CLONE_NEWUSER | CLONE_FS chroot exploit
Last modified: 2015-07-31 03:00:50 EDT
Linux kernels which support unprivileged user namespaces (CLONE_NEWUSER) and at the same time allow sharing file system information (CLONE_FS) between parent process and its newly clone(2)d child process in the new user namespace, are vulnerable to a privilege escalation flaw as presented by Sebastian Krahmer
in his chroot exploit .
An unprivileged local user could use this flaw to gain root privileges on a system.
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG 2.
This issue did not affect the versions of the Linux kernel as shipped with Fedora 17 and 18 as they were not built with CONFIG_USER_NS configuration option.