Ubuntu overlayFS vulnerability

A privilege-escalation vulnerability released earlier this week was found in a few versions of Ubuntu. The operating system fails to check permissions when users are creating files, resulting in the bug. When a file needs to be writable it is copied from the lower directory to the upper file system where is can be modified.

Canonical has patched the bug present in versions 12.04, 14.04, 14.10 and 15.04. The bug existed in the overlayFS component of Ubuntu.

Security researcher Philip Pettersson says an attacker would have the ability to list the contents of any directory on the machine, regardless of permissions. The permission needed is the one of the original file owner as opposed to the user triggering the copy_up.