Ubuntu overlayfs Vulnerability โ€” June 17, 2015

A vulnerability has been discovered in Ubuntu which allows a local user to gain administrative privileges and take control of the system.

CVE Number

CVE-2015-1328

Severity

Medium

Summary

Ubuntu announced the overlayfs privilege escalation vulnerability on June 15, 2015. A local user could exploit this flaw to gain administrative privileges on the system.

Vulnerability details

The overlayfs file system does not correctly check file permissions when creating new files in the upper filesystem directory. This can be exploited by an unprivileged process in kernels with CONFIG_USER_NS=y and whereoverlayfs has the FS_USERNS_MOUNT flag, which allows the mounting of overlayfs inside unprivileged mount namespaces.

Impacted systems

Ubuntu 12.04, 14.04, 14.10, and 15.04 and their derivatives

Solution

Apply the patch released by vendor and reboot.

Ubuntu 12.04
http://www.ubuntu.com/usn/usn-2640-1
http://www.ubuntu.com/usn/usn-2641-1
http://www.ubuntu.com/usn/usn-2642-1

Ubuntu 14.04
http://www.ubuntu.com/usn/usn-2643-1
http://www.ubuntu.com/usn/usn-2644-1
http://www.ubuntu.com/usn/usn-2645-1

Ubuntu 14.10
http://www.ubuntu.com/usn/usn-2646-1

Ubuntu 15.04
http://www.ubuntu.com/usn/usn-2647-1

Temporary workaround

System Administrators are encouraged to apply the kernel update as the best defense against this vulnerability. Administrators who may not be able to apply the kernel update immediately may choose apply the following workaround in the interim. This will remove the overlayfs module from memory, and will blacklist the overlayfs module from being loaded at boot.

http://blog.emilburzo.com/2015/06/quick-work-around-for-cve-2015-1328.html

Useful Links

http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1328.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1328