x/vulndb: potential Go vuln in github.com/projectatomic/oci-register-machine: CVE-2016-6349

[tatianab]

CVE-2016-6349 references github.com/projectatomic/oci-register-machine, which may be a Go module.

Description:
The machinectl command in oci-register-machine allows local users to list running containers and possibly obtain sensitive information by running that command.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2016-6349
• web: http://www.openwall.com/lists/oss-security/2016/07/26/9
• web: https://bugzilla.redhat.com/show_bug.cgi?id=1360634
• web: http://www.openwall.com/lists/oss-security/2016/10/13/7
• fix: Allow a user to disable oci-register-machine projectatomic/oci-register-machine#22
• web: http://www.securityfocus.com/bid/92143
• Imported by: https://pkg.go.dev/github.com/projectatomic/oci-register-machine?tab=importedby

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/projectatomic/oci-register-machine
      vulnerable_at: 0.0.0-20180124143223-2b4423347290
      packages:
        - package: n/a
cves:
    - CVE-2016-6349
references:
    - web: http://www.openwall.com/lists/oss-security/2016/07/26/9
    - web: https://bugzilla.redhat.com/show_bug.cgi?id=1360634
    - web: http://www.openwall.com/lists/oss-security/2016/10/13/7
    - fix: https://github.com/projectatomic/oci-register-machine/pull/22
    - web: http://www.securityfocus.com/bid/92143

[gopherbot]

Change https://go.dev/cl/540721 mentions this issue: data/excluded: batch add 135 excluded reports