{"id": "SUSE_SU-2015-0082-1.NASL", "bulletinFamily": "scanner", "title": "SUSE SLES12 Security Update : docker (SUSE-SU-2015:0082-1)", "description": "This docker version upgrade fixes the following security and non\nsecurity issues, and adds the also additional features :\n\n - Updated to 1.4.1 (2014-12-15) :\n\n - Runtime :\n\n - Fix issue with volumes-from and bind mounts not being\n honored after create (fixes bnc#913213)\n\n - Added e2fsprogs as runtime dependency, this is required\n when the devicemapper driver is used. (bnc#913211).\n\n - Fixed owner & group for docker.socket (thanks to Andrei\n Dziahel and\n https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752555\n #5)\n\n - Updated to 1.4.0 (2014-12-11) :\n\n - Notable Features since 1.3.0 :\n\n - Set key=value labels to the daemon (displayed in `docker\n info`), applied with new `-label` daemon flag\n\n - Add support for `ENV` in Dockerfile of the form: `ENV\n name=value name2=value2...`\n\n - New Overlayfs Storage Driver\n\n - `docker info` now returns an `ID` and `Name` field\n\n - Filter events by event name, container, or image\n\n - `docker cp` now supports copying from container volumes\n\n - Fixed `docker tag`, so it honors `--force` when\n overriding a tag for existing image.\n\n - Changes introduced by 1.3.3 (2014-12-11) :\n\n - Security :\n\n - Fix path traversal vulnerability in processing of\n absolute symbolic links (CVE-2014-9356) - (bnc#909709)\n\n - Fix decompression of xz image archives, preventing\n privilege escalation (CVE-2014-9357) - (bnc#909710)\n\n - Validate image IDs (CVE-2014-9358) - (bnc#909712)\n\n - Runtime :\n\n - Fix an issue when image archives are being read slowly\n\n - Client :\n\n - Fix a regression related to stdin redirection\n\n - Fix a regression with `docker cp` when destination is\n the current directory\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2015-05-20T00:00:00", "modified": "2015-05-20T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/83667", "reporter": "This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?f0dd7c95", "https://bugzilla.suse.com/show_bug.cgi?id=913213", "https://bugzilla.suse.com/show_bug.cgi?id=909709", "https://bugzilla.suse.com/show_bug.cgi?id=909710", "https://www.suse.com/security/cve/CVE-2014-9356/", "https://bugzilla.suse.com/show_bug.cgi?id=909712", "https://www.suse.com/security/cve/CVE-2014-9357/", "https://bugzilla.suse.com/show_bug.cgi?id=913211", "https://www.suse.com/security/cve/CVE-2014-9358/", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752555#5"], "cvelist": ["CVE-2014-9356", "CVE-2014-9357", "CVE-2014-9358"], "type": "nessus", "lastseen": "2021-01-07T14:22:19", "edition": 25, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-9358", "CVE-2014-9356", "CVE-2014-9357"]}, {"type": "nessus", "idList": ["ORACLELINUX_ELSA-2014-3110.NASL", "OPENSUSE-2014-820.NASL", "REDHAT-RHSA-2015-0623.NASL", "FEDORA_2014-16839.NASL", "ALA_ALAS-2014-461.NASL", "FEDORA_2015-1128.NASL"]}, {"type": "archlinux", "idList": ["ASA-201412-16"]}, {"type": "amazon", "idList": ["ALAS-2014-461"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310123208", "OPENVAS:1361412562310120100", "OPENVAS:1361412562310868948", "OPENVAS:1361412562310868678"]}, {"type": "fedora", "idList": ["FEDORA:F2579608A1ED", "FEDORA:07C736087F09"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14116", "SECURITYVULNS:DOC:31548"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-3110"]}, {"type": "redhat", "idList": ["RHSA-2015:0623"]}], "modified": "2021-01-07T14:22:19", "rev": 2}, "score": {"value": 7.8, "vector": "NONE", "modified": "2021-01-07T14:22:19", "rev": 2}, "vulnersScore": 7.8}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:0082-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83667);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-9356\", \"CVE-2014-9357\", \"CVE-2014-9358\");\n script_bugtraq_id(71647, 71649, 71654);\n\n script_name(english:\"SUSE SLES12 Security Update : docker (SUSE-SU-2015:0082-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This docker version upgrade fixes the following security and non\nsecurity issues, and adds the also additional features :\n\n - Updated to 1.4.1 (2014-12-15) :\n\n - Runtime :\n\n - Fix issue with volumes-from and bind mounts not being\n honored after create (fixes bnc#913213)\n\n - Added e2fsprogs as runtime dependency, this is required\n when the devicemapper driver is used. (bnc#913211).\n\n - Fixed owner & group for docker.socket (thanks to Andrei\n Dziahel and\n https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752555\n #5)\n\n - Updated to 1.4.0 (2014-12-11) :\n\n - Notable Features since 1.3.0 :\n\n - Set key=value labels to the daemon (displayed in `docker\n info`), applied with new `-label` daemon flag\n\n - Add support for `ENV` in Dockerfile of the form: `ENV\n name=value name2=value2...`\n\n - New Overlayfs Storage Driver\n\n - `docker info` now returns an `ID` and `Name` field\n\n - Filter events by event name, container, or image\n\n - `docker cp` now supports copying from container volumes\n\n - Fixed `docker tag`, so it honors `--force` when\n overriding a tag for existing image.\n\n - Changes introduced by 1.3.3 (2014-12-11) :\n\n - Security :\n\n - Fix path traversal vulnerability in processing of\n absolute symbolic links (CVE-2014-9356) - (bnc#909709)\n\n - Fix decompression of xz image archives, preventing\n privilege escalation (CVE-2014-9357) - (bnc#909710)\n\n - Validate image IDs (CVE-2014-9358) - (bnc#909712)\n\n - Runtime :\n\n - Fix an issue when image archives are being read slowly\n\n - Client :\n\n - Fix a regression related to stdin redirection\n\n - Fix a regression with `docker cp` when destination is\n the current directory\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752555#5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=909709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=909710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=909712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=913211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=913213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9356/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9357/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9358/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20150082-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f0dd7c95\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-28\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:docker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:docker-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"docker-1.4.1-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"docker-debuginfo-1.4.1-16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"docker-debugsource-1.4.1-16.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"docker\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "83667", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:docker-debugsource", "p-cpe:/a:novell:suse_linux:docker", "p-cpe:/a:novell:suse_linux:docker-debuginfo"], "scheme": null, "cvss3": {"score": 8.6, "vector": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"}}

{"cve": [{"lastseen": "2020-12-09T19:58:29", "description": "Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) \"docker load\" operation or (2) \"registry communications.\"", "edition": 5, "cvss3": {}, "published": "2014-12-16T18:59:00", "title": "CVE-2014-9358", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9358"], "modified": "2018-10-09T19:55:00", "cpe": ["cpe:/a:docker:docker:1.3.2"], "id": "CVE-2014-9358", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9358", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:docker:docker:1.3.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:58:29", "description": "Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 8.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2019-12-02T18:15:00", "title": "CVE-2014-9356", "type": "cve", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9356"], "modified": "2019-12-11T20:30:00", "cpe": [], "id": "CVE-2014-9356", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9356", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:N/I:C/A:P"}, "cpe23": []}, {"lastseen": "2020-10-03T12:01:24", "description": "Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction.", "edition": 3, "cvss3": {}, "published": "2014-12-16T18:59:00", "title": "CVE-2014-9357", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9357"], "modified": "2018-10-09T19:55:00", "cpe": ["cpe:/a:docker:docker:1.3.2"], "id": "CVE-2014-9357", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9357", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:docker:docker:1.3.2:*:*:*:*:*:*:*"]}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:20", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9356", "CVE-2014-9357", "CVE-2014-9358"], "description": "[1.3.3-1.0.1]\n- Rename requirement of docker-io-pkg-devel in %package devel as docker-pkg-devel\n- Restore SysV init scripts for Oracle Linux 6\n- Require Oracle Unbreakable Enterprise Kernel Release 3 or higher\n- Rename as docker.\n- Re-enable btrfs graphdriver support\n[1.3.3-1]\n- Update source to 1.3.3 from https://github.com/docker/docker/releases/tag/v1.3.3\n Path traversal during processing of absolute symlinks (CVE-2014-9356)\n Escalation of privileges during decompression of LZMA (.xz) archives (CVE-2014-9357)", "edition": 4, "modified": "2014-12-30T00:00:00", "published": "2014-12-30T00:00:00", "id": "ELSA-2014-3110", "href": "http://linux.oracle.com/errata/ELSA-2014-3110.html", "title": "docker security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:36:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9356", "CVE-2014-9357", "CVE-2014-9358"], "description": "Oracle Linux Local Security Checks ELSA-2014-3110", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123208", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123208", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-3110", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-3110.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123208\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:00:44 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-3110\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-3110\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-3110.html\");\n script_cve_id(\"CVE-2014-9356\", \"CVE-2014-9357\", \"CVE-2014-9358\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"docker\", rpm:\"docker~1.3.3~1.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"docker-devel\", rpm:\"docker-devel~1.3.3~1.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"docker-pkg-devel\", rpm:\"docker-pkg-devel~1.3.3~1.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"docker\", rpm:\"docker~1.3.3~1.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"docker-devel\", rpm:\"docker-devel~1.3.3~1.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"docker-pkg-devel\", rpm:\"docker-pkg-devel~1.3.3~1.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-17T23:01:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9356", "CVE-2014-9357", "CVE-2014-9358"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120100", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120100", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2014-461)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120100\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:17:24 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2014-461)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in Docker. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update docker to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-461.html\");\n script_cve_id(\"CVE-2014-9357\", \"CVE-2014-9356\", \"CVE-2014-9358\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"docker\", rpm:\"docker~1.3.3~1.0.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"docker-devel\", rpm:\"docker-devel~1.3.3~1.0.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"docker-pkg-devel\", rpm:\"docker-pkg-devel~1.3.3~1.0.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9356", "CVE-2014-9357", "CVE-2014-9358"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-01-05T00:00:00", "id": "OPENVAS:1361412562310868678", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868678", "type": "openvas", "title": "Fedora Update for docker-io FEDORA-2014-16839", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for docker-io FEDORA-2014-16839\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868678\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-05 14:41:51 +0100 (Mon, 05 Jan 2015)\");\n script_cve_id(\"CVE-2014-9357\", \"CVE-2014-9358\", \"CVE-2014-9356\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for docker-io FEDORA-2014-16839\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'docker-io'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"docker-io on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2014-16839\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146224.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"docker-io\", rpm:\"docker-io~1.4.0~1.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9356", "CVE-2014-9357", "CVE-2014-6407", "CVE-2014-9358", "CVE-2014-6408"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-01-26T00:00:00", "id": "OPENVAS:1361412562310868948", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868948", "type": "openvas", "title": "Fedora Update for docker-io FEDORA-2015-1128", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for docker-io FEDORA-2015-1128\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868948\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-26 05:31:07 +0100 (Mon, 26 Jan 2015)\");\n script_cve_id(\"CVE-2014-9357\", \"CVE-2014-9358\", \"CVE-2014-9356\", \"CVE-2014-6407\", \"CVE-2014-6408\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for docker-io FEDORA-2015-1128\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'docker-io'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"docker-io on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-1128\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-January/148505.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"docker-io\", rpm:\"docker-io~1.4.1~6.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:56", "bulletinFamily": "software", "cvelist": ["CVE-2014-9356", "CVE-2014-9357", "CVE-2014-9358"], "description": "\r\n\r\nDocker 1.3.3 has been released to address several vulnerabilities and is immediately available for all supported platforms: https://docs.docker.com/installation/ \r\n\r\nThis release addresses vulnerabilities which could be exploited by a malicious Dockerfile, image, or registry to compromise a Docker host, modify images, or spoof official repository images. Note that today we also saw the release of Docker 1.4.0, also containing these fixes. While version 1.3.3 is a security-focused update, Docker 1.4.0 includes over 180 new commits, primarily bug fixes.\r\n\r\nIt is highly recommended that users upgrade to Docker Engine 1.3.3 or higher.\r\n\r\nPlease send any questions to security@docker.com.\r\n\r\n\r\n\r\nDocker Security Advisory [141211]\r\n----------------------------------------------------------------------------------------------------------\r\n\r\n=============================================================\r\n[CVE-2014-9356] Path traversal during processing of absolute symlinks\r\n=============================================================\r\n\r\nPath traversal attacks are possible in the processing of absolute symlinks. In checking symlinks for traversals, only relative links were considered. This allowed path traversals to exist where they should have otherwise been prevented. This was exploitable via both archive extraction and through volume mounts.\r\n\r\nThis vulnerability allowed malicious images or builds from malicious Dockerfiles to write files to the host system and escape containerization, leading to privilege escalation.\r\n\r\nWe are releasing Docker 1.3.3 to address this vulnerability. Users are highly encouraged to upgrade.\r\n\r\nDiscovered by Tonis Tiigi.\r\n\r\n===================================================================\r\n[CVE-2014-9357] Escalation of privileges during decompression of LZMA &#40;.xz&#41; archives\r\n===================================================================\r\n\r\nIt has been discovered that the introduction of chroot for archive extraction in Docker 1.3.2 had introduced a privilege escalation vulnerability. Malicious images or builds from malicious Dockerfiles could escalate privileges and execute arbitrary code as a privileged root user on the Docker host by providing a malicious \u2018xz\u2019 binary.\r\n\r\nWe are releasing Docker 1.3.3 to address this vulnerability. Only Docker 1.3.2 is vulnerable. Users are highly encouraged to upgrade.\r\n\r\nDiscovered by Tonis Tiigi.\r\n\r\n=========================================================================\r\n[CVE-2014-9358] Path traversal and spoofing opportunities presented through image identifiers\r\n=========================================================================\r\n\r\nIt has been discovered that Docker does not sufficiently validate Image IDs as provided either via &#39;docker load&#39; or through registry communications. This allows for path traversal attacks, causing graph corruption and manipulation by malicious images, as well as repository spoofing attacks.\r\n\r\nWe are releasing Docker 1.3.3 to address this vulnerability. Users are highly encouraged to upgrade.\r\n\r\nDiscovered by Eric Windisch of Docker, Inc.\r\n\r\n", "edition": 1, "modified": "2014-12-22T00:00:00", "published": "2014-12-22T00:00:00", "id": "SECURITYVULNS:DOC:31548", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31548", "title": "Docker 1.3.3 - Security Advisory [11 Dec 2014]", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:58", "bulletinFamily": "software", "cvelist": ["CVE-2014-9356", "CVE-2014-5277", "CVE-2014-9357", "CVE-2014-9358"], "description": "Symbolic links vulnerability, directory traversal, privilege escalation.", "edition": 1, "modified": "2014-12-22T00:00:00", "published": "2014-12-22T00:00:00", "id": "SECURITYVULNS:VULN:14116", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14116", "title": "Docker multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9356", "CVE-2014-9357", "CVE-2014-9358"], "description": "Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. Docker containers can encapsulate any payload, and will run consistently on and between virtually any server. The same container that a developer builds and tests on a laptop will run at scale, in production*, on VMs, bare-metal servers, OpenStack clusters, public instances, or combinations of the above. ", "modified": "2014-12-15T04:32:25", "published": "2014-12-15T04:32:25", "id": "FEDORA:F2579608A1ED", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: docker-io-1.4.0-1.fc21", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-6407", "CVE-2014-6408", "CVE-2014-9356", "CVE-2014-9357", "CVE-2014-9358"], "description": "Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. Docker containers can encapsulate any payload, and will run consistently on and between virtually any server. The same container that a developer builds and tests on a laptop will run at scale, in production*, on VMs, bare-metal servers, OpenStack clusters, public instances, or combinations of the above. ", "modified": "2015-01-26T02:35:37", "published": "2015-01-26T02:35:37", "id": "FEDORA:07C736087F09", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: docker-io-1.4.1-6.fc20", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2020-06-05T11:12:22", "description": "This docker version update fixes the following security and non\nsecurity issues and adds additional features.\n\n - Updated to 1.4.0 (2014-12-11) :\n\n - Notable Features since 1.3.0 :\n\n - Set key=value labels to the daemon (displayed in `docker\n info`), applied with new `-label` daemon flag\n\n - Add support for `ENV` in Dockerfile of the form: `ENV\n name=value name2=value2...`\n\n - New Overlayfs Storage Driver\n\n - `docker info` now returns an `ID` and `Name` field\n\n - Filter events by event name, container, or image\n\n - `docker cp` now supports copying from container volumes\n\n - Fixed `docker tag`, so it honors `--force` when\n overriding a tag for existing image.\n\n - Changes introduced by 1.3.3 (2014-12-11) :\n\n - Security :\n\n - Fix path traversal vulnerability in processing of\n absolute symbolic links (CVE-2014-9356) - (bnc#909709)\n\n - Fix decompression of xz image archives, preventing\n privilege escalation (CVE-2014-9357) - (bnc#909710)\n\n - Validate image IDs (CVE-2014-9358) - (bnc#909712)\n\n - Runtime :\n\n - Fix an issue when image archives are being read slowly\n\n - Client :\n\n - Fix a regression related to stdin redirection\n\n - Fix a regression with `docker cp` when destination is\n the current directory", "edition": 17, "cvss3": {"score": 8.6, "vector": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"}, "published": "2014-12-29T00:00:00", "title": "openSUSE Security Update : docker (openSUSE-SU-2014:1722-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9356", "CVE-2014-9357", "CVE-2014-9358"], "modified": "2014-12-29T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:docker-debugsource", "p-cpe:/a:novell:opensuse:docker", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:docker-zsh-completion", "p-cpe:/a:novell:opensuse:docker-debuginfo", "p-cpe:/a:novell:opensuse:docker-bash-completion"], "id": "OPENSUSE-2014-820.NASL", "href": "https://www.tenable.com/plugins/nessus/80278", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-820.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80278);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2014-9356\", \"CVE-2014-9357\", \"CVE-2014-9358\");\n\n script_name(english:\"openSUSE Security Update : docker (openSUSE-SU-2014:1722-1)\");\n script_summary(english:\"Check for the openSUSE-2014-820 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This docker version update fixes the following security and non\nsecurity issues and adds additional features.\n\n - Updated to 1.4.0 (2014-12-11) :\n\n - Notable Features since 1.3.0 :\n\n - Set key=value labels to the daemon (displayed in `docker\n info`), applied with new `-label` daemon flag\n\n - Add support for `ENV` in Dockerfile of the form: `ENV\n name=value name2=value2...`\n\n - New Overlayfs Storage Driver\n\n - `docker info` now returns an `ID` and `Name` field\n\n - Filter events by event name, container, or image\n\n - `docker cp` now supports copying from container volumes\n\n - Fixed `docker tag`, so it honors `--force` when\n overriding a tag for existing image.\n\n - Changes introduced by 1.3.3 (2014-12-11) :\n\n - Security :\n\n - Fix path traversal vulnerability in processing of\n absolute symbolic links (CVE-2014-9356) - (bnc#909709)\n\n - Fix decompression of xz image archives, preventing\n privilege escalation (CVE-2014-9357) - (bnc#909710)\n\n - Validate image IDs (CVE-2014-9358) - (bnc#909712)\n\n - Runtime :\n\n - Fix an issue when image archives are being read slowly\n\n - Client :\n\n - Fix a regression related to stdin redirection\n\n - Fix a regression with `docker cp` when destination is\n the current directory\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=909709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=909710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=909712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-12/msg00106.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected docker packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-zsh-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"docker-1.4.0-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"docker-bash-completion-1.4.0-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"docker-debuginfo-1.4.0-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"docker-debugsource-1.4.0-13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"docker-zsh-completion-1.4.0-13.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"docker / docker-bash-completion / docker-debuginfo / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T01:18:58", "description": "Path traversal attacks are possible in the processing of absolute\nsymlinks. In checking symlinks for traversals, only relative links\nwere considered. This allowed path traversals to exist where they\nshould have otherwise been prevented. This was exploitable via both\narchive extraction and through volume mounts. This vulnerability\nallowed malicious images or builds from malicious Dockerfiles to write\nfiles to the host system and escape containerization, leading to\nprivilege escalation. (CVE-2014-9356)\n\nIt has been discovered that the introduction of chroot for archive\nextraction in Docker 1.3.2 had introduced a privilege escalation\nvulnerability. Malicious images or builds from malicious Dockerfiles\ncould escalate privileges and execute arbitrary code as a root user on\nthe Docker host by providing a malicious 'xz' binary. (CVE-2014-9357)\n\nIt has been discovered that Docker does not sufficiently validate\nImage IDs as provided either via 'docker load' or through registry\ncommunications. This allows for path traversal attacks, causing graph\ncorruption and manipulation by malicious images, as well as repository\nspoofing attacks. (CVE-2014-9358)", "edition": 24, "cvss3": {"score": 8.6, "vector": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"}, "published": "2014-12-15T00:00:00", "title": "Amazon Linux AMI : docker (ALAS-2014-461)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9356", "CVE-2014-9357", "CVE-2014-9358"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:docker", "p-cpe:/a:amazon:linux:docker-devel", "p-cpe:/a:amazon:linux:docker-pkg-devel", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2014-461.NASL", "href": "https://www.tenable.com/plugins/nessus/79875", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-461.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79875);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/12/12\");\n\n script_cve_id(\"CVE-2014-9356\", \"CVE-2014-9357\", \"CVE-2014-9358\");\n script_xref(name:\"ALAS\", value:\"2014-461\");\n\n script_name(english:\"Amazon Linux AMI : docker (ALAS-2014-461)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Path traversal attacks are possible in the processing of absolute\nsymlinks. In checking symlinks for traversals, only relative links\nwere considered. This allowed path traversals to exist where they\nshould have otherwise been prevented. This was exploitable via both\narchive extraction and through volume mounts. This vulnerability\nallowed malicious images or builds from malicious Dockerfiles to write\nfiles to the host system and escape containerization, leading to\nprivilege escalation. (CVE-2014-9356)\n\nIt has been discovered that the introduction of chroot for archive\nextraction in Docker 1.3.2 had introduced a privilege escalation\nvulnerability. Malicious images or builds from malicious Dockerfiles\ncould escalate privileges and execute arbitrary code as a root user on\nthe Docker host by providing a malicious 'xz' binary. (CVE-2014-9357)\n\nIt has been discovered that Docker does not sufficiently validate\nImage IDs as provided either via 'docker load' or through registry\ncommunications. This allows for path traversal attacks, causing graph\ncorruption and manipulation by malicious images, as well as repository\nspoofing attacks. (CVE-2014-9358)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-461.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update docker' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:docker-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:docker-pkg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"docker-1.3.3-1.0.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"docker-devel-1.3.3-1.0.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"docker-pkg-devel-1.3.3-1.0.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"docker / docker-devel / docker-pkg-devel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:13:14", "description": "run tests inside a docker repo allow unitfile to use\n/etc/sysconfig/docker-network Security fix for CVE-2014-9357,\nCVE-2014-9358, CVE-2014-9356\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "published": "2015-01-26T00:00:00", "title": "Fedora 20 : docker-io-1.4.1-6.fc20 (2015-1128)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9356", "CVE-2014-9357", "CVE-2014-9358"], "modified": "2015-01-26T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:docker-io", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2015-1128.NASL", "href": "https://www.tenable.com/plugins/nessus/80981", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-1128.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80981);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9356\", \"CVE-2014-9357\", \"CVE-2014-9358\");\n script_bugtraq_id(71647, 71649, 71654);\n script_xref(name:\"FEDORA\", value:\"2015-1128\");\n\n script_name(english:\"Fedora 20 : docker-io-1.4.1-6.fc20 (2015-1128)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"run tests inside a docker repo allow unitfile to use\n/etc/sysconfig/docker-network Security fix for CVE-2014-9357,\nCVE-2014-9358, CVE-2014-9356\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1172761\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1172782\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1172787\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-January/148505.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dc1f7f21\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected docker-io package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:docker-io\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"docker-io-1.4.1-6.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"docker-io\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:12:23", "description": "Security fix for CVE-2014-9357, CVE-2014-9358, CVE-2014-9356 Revert to\nusing upstream v1.3.2 release Resolves: rhbz#1169035, rhbz#1169151\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2014-12-15T00:00:00", "title": "Fedora 21 : docker-io-1.4.0-1.fc21 (2014-16839)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9356", "CVE-2014-9357", "CVE-2014-9358"], "modified": "2014-12-15T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:21", "p-cpe:/a:fedoraproject:fedora:docker-io"], "id": "FEDORA_2014-16839.NASL", "href": "https://www.tenable.com/plugins/nessus/79954", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-16839.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79954);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9356\", \"CVE-2014-9357\", \"CVE-2014-9358\");\n script_xref(name:\"FEDORA\", value:\"2014-16839\");\n\n script_name(english:\"Fedora 21 : docker-io-1.4.0-1.fc21 (2014-16839)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2014-9357, CVE-2014-9358, CVE-2014-9356 Revert to\nusing upstream v1.3.2 release Resolves: rhbz#1169035, rhbz#1169151\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1172761\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1172782\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1172787\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146224.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fd8dc49b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected docker-io package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:docker-io\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"docker-io-1.4.0-1.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"docker-io\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:49:44", "description": "Description of changes:\n\n[1.3.3-1.0.1]\n- Add symlink/LICENSE.BSD and symlink/LICENSE.APACHE under %files macro \nfor docker-pkg-devel\n- Rename requirement of docker-io-pkg-devel in %package devel as \ndocker-pkg-devel\n- Rename as docker\n- Restore SysV init scripts for Oracle Linux 6\n\n[1.3.3-1]\n- Update source to 1.3.3 from \nhttps://github.com/docker/docker/releases/tag/v1.3.3\n Path traversal during processing of absolute symlinks (CVE-2014-9356)\n Escalation of privileges during decompression of LZMA (.xz) archives \n(CVE-2014-9357)\n Path traversal and spoofing opportunities presented through image \nidentifiers (CVE-2014-9358)", "edition": 20, "cvss3": {"score": 8.6, "vector": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"}, "published": "2015-01-02T00:00:00", "title": "Oracle Linux 6 / 7 : docker (ELSA-2014-3110)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9356", "CVE-2014-9357", "CVE-2014-9358"], "modified": "2015-01-02T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:docker-devel", "p-cpe:/a:oracle:linux:docker-pkg-devel", "p-cpe:/a:oracle:linux:docker", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2014-3110.NASL", "href": "https://www.tenable.com/plugins/nessus/80329", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2014-3110.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80329);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-9356\", \"CVE-2014-9357\", \"CVE-2014-9358\");\n script_bugtraq_id(71647, 71649, 71654);\n\n script_name(english:\"Oracle Linux 6 / 7 : docker (ELSA-2014-3110)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[1.3.3-1.0.1]\n- Add symlink/LICENSE.BSD and symlink/LICENSE.APACHE under %files macro \nfor docker-pkg-devel\n- Rename requirement of docker-io-pkg-devel in %package devel as \ndocker-pkg-devel\n- Rename as docker\n- Restore SysV init scripts for Oracle Linux 6\n\n[1.3.3-1]\n- Update source to 1.3.3 from \nhttps://github.com/docker/docker/releases/tag/v1.3.3\n Path traversal during processing of absolute symlinks (CVE-2014-9356)\n Escalation of privileges during decompression of LZMA (.xz) archives \n(CVE-2014-9357)\n Path traversal and spoofing opportunities presented through image \nidentifiers (CVE-2014-9358)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-December/004766.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-December/004767.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected docker packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:docker-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:docker-pkg-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"docker-1.3.3-1.0.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"docker-devel-1.3.3-1.0.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"docker-pkg-devel-1.3.3-1.0.1.el6\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"docker-1.3.3-1.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"docker-devel-1.3.3-1.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"docker-pkg-devel-1.3.3-1.0.1.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"docker / docker-devel / docker-pkg-devel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:05:20", "description": "Updated docker packages that fix two security issues, several bugs,\nand add various enhancements are now available for Red Hat Enterprise\nLinux 7 Extras.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which\ngive detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.\n\nDocker is a service providing container management on Linux.\n\nIt was found that a malicious container image could overwrite\narbitrary portions of the host file system by including absolute\nsymlinks, potentially leading to privilege escalation. (CVE-2014-9356)\n\nA flaw was found in the way the Docker service unpacked images or\nbuilds after a 'docker pull'. An attacker could use this flaw to\nprovide a malicious image or build that, when unpacked, would escalate\ntheir privileges on the system. (CVE-2014-9357)\n\nRed Hat would like to thank Docker Inc. for reporting these issues.\n\nThe docker-python subpackage provides the new Atomic tool. The goal of\nAtomic is to provide a high level, coherent entry point for Red Hat\nEnterprise Linux Atomic Host. Atomic makes it easier to interact with\nspecial kinds of containers, such as super-privileged debugging tools.\nComprehensive information and documentation is available in the atomic\nmanual pages.\n\nThe docker packages have been upgraded to upstream version 1.4.1,\nwhich provides a number of bug fixes and enhancements over the\nprevious version, most notably an experimental overlayfs storage\ndriver. (BZ#1174351)\n\nBug fixes :\n\n* The JSON configuration files for containers and images were\ninconsistent. As a consequence, when these files were parsed by the\n'docker inspect' command, the output was unnecessarily complex. This\nupdate improves the key naming schema in the configuration files and\nthe output from 'docker inspect' is now uniform. (BZ#1092773)\n\n* The /run directory had an incorrect SELinux label. As a consequence,\ncontainers could not access /run. This update corrects the SELinux\nlabel and containers now have access to /run. (BZ#1100009)\n\n* The Docker service contained an incorrect path for the secrets\ndirectory. As a consequence, executing 'docker run' failed to create\ncontainers. This update fixes the default path to the secrets\ndirectory and 'docker run' now executes successfully. (BZ#1102568)\n\n* It was not possible to specify a default repository in the\nconfiguration file in cases where all docker.io files are\ninaccessible. As a consequence, running docker commands failed because\nthey could not contact the default repositories. Now, it is possible\nto specify a local Docker repository, and commands no longer fail\nbecause they are able to connect to a local private repository.\n(BZ#1106430)\n\n* When executing the 'docker attach' command on a container which was\nin the process of shutting down, the process did not fail, but became\nunresponsive. This bug has been fixed, and running 'docker attach' on\na container which is shutting down causes the attach process to fail\nwith an informative error message that it is not possible to attach to\na stopped container. (BZ# 1113608)\n\n* The 'docker run' sub-command incorrectly returned non-zero exit\ncodes, when they all should have been zero. As a consequence, it was\nnot possible to differentiate between the exit codes of the docker\ncommand line and exit codes of contained processes, which in turn made\nautomated control of 'docker run' impossible. This update fixes the\ninconsistencies within the exit codes of 'docker run'. Additionally,\nthis update also fixes inconsistencies of other docker sub-commands\nand improves the language in the error and warning messages.\n(BZ#1162807)\n\n* Adding a new registry with the '--registry-prepend' option did not\nfollow the correct order to query and download an image. As a\nconsequence, it did not query the prepended new registry first, but\nrather started with querying docker.io. The '--registry-prepend'\noption has been renamed to '--registry-add' and its behavior has been\nchanged to query the registries added in the given order, with\ndocker.io queried last. (BZ#1186153)\n\nAll docker users are advised to upgrade to these updated packages,\nwhich correct these issues and add these enhancements.", "edition": 27, "cvss3": {"score": 8.6, "vector": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"}, "published": "2015-03-05T00:00:00", "title": "RHEL 7 : docker (RHSA-2015:0623)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9356", "CVE-2014-9357"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:docker", "p-cpe:/a:redhat:enterprise_linux:python-websocket-client", "p-cpe:/a:redhat:enterprise_linux:docker-logrotate", "p-cpe:/a:redhat:enterprise_linux:docker-python", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2015-0623.NASL", "href": "https://www.tenable.com/plugins/nessus/81640", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0623. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81640);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/12/12\");\n\n script_cve_id(\"CVE-2014-9356\", \"CVE-2014-9357\");\n script_xref(name:\"RHSA\", value:\"2015:0623\");\n\n script_name(english:\"RHEL 7 : docker (RHSA-2015:0623)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated docker packages that fix two security issues, several bugs,\nand add various enhancements are now available for Red Hat Enterprise\nLinux 7 Extras.\n\nRed Hat Product Security has rated this update as having Low security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which\ngive detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.\n\nDocker is a service providing container management on Linux.\n\nIt was found that a malicious container image could overwrite\narbitrary portions of the host file system by including absolute\nsymlinks, potentially leading to privilege escalation. (CVE-2014-9356)\n\nA flaw was found in the way the Docker service unpacked images or\nbuilds after a 'docker pull'. An attacker could use this flaw to\nprovide a malicious image or build that, when unpacked, would escalate\ntheir privileges on the system. (CVE-2014-9357)\n\nRed Hat would like to thank Docker Inc. for reporting these issues.\n\nThe docker-python subpackage provides the new Atomic tool. The goal of\nAtomic is to provide a high level, coherent entry point for Red Hat\nEnterprise Linux Atomic Host. Atomic makes it easier to interact with\nspecial kinds of containers, such as super-privileged debugging tools.\nComprehensive information and documentation is available in the atomic\nmanual pages.\n\nThe docker packages have been upgraded to upstream version 1.4.1,\nwhich provides a number of bug fixes and enhancements over the\nprevious version, most notably an experimental overlayfs storage\ndriver. (BZ#1174351)\n\nBug fixes :\n\n* The JSON configuration files for containers and images were\ninconsistent. As a consequence, when these files were parsed by the\n'docker inspect' command, the output was unnecessarily complex. This\nupdate improves the key naming schema in the configuration files and\nthe output from 'docker inspect' is now uniform. (BZ#1092773)\n\n* The /run directory had an incorrect SELinux label. As a consequence,\ncontainers could not access /run. This update corrects the SELinux\nlabel and containers now have access to /run. (BZ#1100009)\n\n* The Docker service contained an incorrect path for the secrets\ndirectory. As a consequence, executing 'docker run' failed to create\ncontainers. This update fixes the default path to the secrets\ndirectory and 'docker run' now executes successfully. (BZ#1102568)\n\n* It was not possible to specify a default repository in the\nconfiguration file in cases where all docker.io files are\ninaccessible. As a consequence, running docker commands failed because\nthey could not contact the default repositories. Now, it is possible\nto specify a local Docker repository, and commands no longer fail\nbecause they are able to connect to a local private repository.\n(BZ#1106430)\n\n* When executing the 'docker attach' command on a container which was\nin the process of shutting down, the process did not fail, but became\nunresponsive. This bug has been fixed, and running 'docker attach' on\na container which is shutting down causes the attach process to fail\nwith an informative error message that it is not possible to attach to\na stopped container. (BZ# 1113608)\n\n* The 'docker run' sub-command incorrectly returned non-zero exit\ncodes, when they all should have been zero. As a consequence, it was\nnot possible to differentiate between the exit codes of the docker\ncommand line and exit codes of contained processes, which in turn made\nautomated control of 'docker run' impossible. This update fixes the\ninconsistencies within the exit codes of 'docker run'. Additionally,\nthis update also fixes inconsistencies of other docker sub-commands\nand improves the language in the error and warning messages.\n(BZ#1162807)\n\n* Adding a new registry with the '--registry-prepend' option did not\nfollow the correct order to query and download an image. As a\nconsequence, it did not query the prepended new registry first, but\nrather started with querying docker.io. The '--registry-prepend'\noption has been renamed to '--registry-add' and its behavior has been\nchanged to query the registries added in the given order, with\ndocker.io queried last. (BZ#1186153)\n\nAll docker users are advised to upgrade to these updated packages,\nwhich correct these issues and add these enhancements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0623\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-9357\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-9356\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:docker-logrotate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:docker-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-websocket-client\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0623\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"docker-1.4.1-37.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"docker-logrotate-1.4.1-37.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"docker-python-0.7.1-37.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"python-websocket-client-0.14.1-37.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"docker / docker-logrotate / docker-python / python-websocket-client\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:35:37", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9356", "CVE-2014-9357", "CVE-2014-9358"], "description": "**Issue Overview:**\n\nPath traversal attacks are possible in the processing of absolute symlinks. In checking symlinks for traversals, only relative links were considered. This allowed path traversals to exist where they should have otherwise been prevented. This was exploitable via both archive extraction and through volume mounts. This vulnerability allowed malicious images or builds from malicious Dockerfiles to write files to the host system and escape containerization, leading to privilege escalation. ([CVE-2014-9356 __](<https://access.redhat.com/security/cve/CVE-2014-9356>))\n\nIt has been discovered that the introduction of chroot for archive extraction in Docker 1.3.2 had introduced a privilege escalation vulnerability. Malicious images or builds from malicious Dockerfiles could escalate privileges and execute arbitrary code as a root user on the Docker host by providing a malicious 'xz' binary. ([CVE-2014-9357 __](<https://access.redhat.com/security/cve/CVE-2014-9357>))\n\nIt has been discovered that Docker does not sufficiently validate Image IDs as provided either via 'docker load' or through registry communications. This allows for path traversal attacks, causing graph corruption and manipulation by malicious images, as well as repository spoofing attacks. ([CVE-2014-9358 __](<https://access.redhat.com/security/cve/CVE-2014-9358>))\n\n \n**Affected Packages:** \n\n\ndocker\n\n \n**Issue Correction:** \nRun _yum update docker_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n src: \n docker-1.3.3-1.0.amzn1.src \n \n x86_64: \n docker-devel-1.3.3-1.0.amzn1.x86_64 \n docker-pkg-devel-1.3.3-1.0.amzn1.x86_64 \n docker-1.3.3-1.0.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2014-12-11T16:40:00", "published": "2014-12-11T16:40:00", "id": "ALAS-2014-461", "href": "https://alas.aws.amazon.com/ALAS-2014-461.html", "title": "Critical: docker", "type": "amazon", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:37", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9356", "CVE-2014-9357", "CVE-2014-9358"], "description": "- CVE-2014-9356 (path traversal)\nPath traversal attacks are possible in the processing of absolute\nsymlinks. In checking symlinks for traversals, only relative links were\nconsidered. This allowed path traversals to exist where they should have\notherwise been prevented. This was exploitable via both archive\nextraction and through volume mounts.\nThis vulnerability allowed malicious images or builds from malicious\nDockerfiles to write files to the host system and escape\ncontainerization, leading to privilege escalation.\n\n- CVE-2014-9357 (privilege escalation)\nIt has been discovered that the introduction of chroot for archive\nextraction in Docker 1.3.2 had introduced a privilege escalation\nvulnerability. Malicious images or builds from malicious Dockerfiles\ncould escalate privileges and execute arbitrary code as a privileged\nroot user on the Docker host by providing a malicious &#8216;xz&#8217; binary.\n\n- CVE-2014-9358 (path traversal)\nIt has been discovered that Docker does not sufficiently validate Image\nIDs as provided either via 'docker load' or through registry\ncommunications. This allows for path traversal attacks, causing graph\ncorruption and manipulation by malicious images, as well as repository\nspoofing attacks.", "modified": "2014-12-15T00:00:00", "published": "2014-12-15T00:00:00", "id": "ASA-201412-16", "href": "https://lists.archlinux.org/pipermail/arch-security/2014-December/000174.html", "type": "archlinux", "title": "docker: multiple issues", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:45:30", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9356", "CVE-2014-9357"], "description": "Docker is a service providing container management on Linux.\n\nIt was found that a malicious container image could overwrite arbitrary portions\nof the host file system by including absolute symlinks, potentially leading to\nprivilege escalation. (CVE-2014-9356)\n\nA flaw was found in the way the Docker service unpacked images or builds after a\n\"docker pull\". An attacker could use this flaw to provide a malicious image or\nbuild that, when unpacked, would escalate their privileges on the system.\n(CVE-2014-9357)\n\nRed Hat would like to thank Docker Inc. for reporting these issues.\n\nThe docker-python subpackage provides the new Atomic tool. The goal of Atomic is\nto provide a high level, coherent entry point for Red Hat Enterprise Linux\nAtomic Host. Atomic makes it easier to interact with special kinds of\ncontainers, such as super-privileged debugging tools. Comprehensive information\nand documentation is available in the atomic manual pages.\n\nThe docker packages have been upgraded to upstream version 1.4.1, which provides\na number of bug fixes and enhancements over the previous version, most notably\nan experimental overlayfs storage driver. (BZ#1174351)\n\nBug fixes:\n\n* The JSON configuration files for containers and images were inconsistent. As a\nconsequence, when these files were parsed by the \"docker inspect\" command, the\noutput was unnecessarily complex. This update improves the key naming schema in\nthe configuration files and the output from \"docker inspect\" is now uniform.\n(BZ#1092773)\n\n* The /run directory had an incorrect SELinux label. As a consequence,\ncontainers could not access /run. This update corrects the SELinux label and\ncontainers now have access to /run. (BZ#1100009)\n\n* The Docker service contained an incorrect path for the secrets directory. As a\nconsequence, executing \"docker run\" failed to create containers. This update\nfixes the default path to the secrets directory and \"docker run\" now executes\nsuccessfully. (BZ#1102568)\n\n* It was not possible to specify a default repository in the configuration file\nin cases where all docker.io files are inaccessible. As a consequence, running\ndocker commands failed because they could not contact the default repositories.\nNow, it is possible to specify a local Docker repository, and commands no longer\nfail because they are able to connect to a local private repository.\n(BZ#1106430)\n\n* When executing the \"docker attach\" command on a container which was in the\nprocess of shutting down, the process did not fail, but became unresponsive.\nThis bug has been fixed, and running \"docker attach\" on a container which is\nshutting down causes the attach process to fail with an informative error\nmessage that it is not possible to attach to a stopped container. (BZ#1113608)\n\n* The \"docker run\" sub-command incorrectly returned non-zero exit codes, when\nthey all should have been zero. As a consequence, it was not possible to\ndifferentiate between the exit codes of the docker command line and exit codes\nof contained processes, which in turn made automated control of \"docker run\"\nimpossible. This update fixes the inconsistencies within the exit codes of\n\"docker run\". Additionally, this update also fixes inconsistencies of other\ndocker sub-commands and improves the language in the error and warning messages.\n(BZ#1162807)\n\n* Adding a new registry with the \"--registry-prepend\" option did not follow the\ncorrect order to query and download an image. As a consequence, it did not query\nthe prepended new registry first, but rather started with querying docker.io.\nThe \"--registry-prepend\" option has been renamed to \"--registry-add\" and its\nbehavior has been changed to query the registries added in the given order, with\ndocker.io queried last. (BZ#1186153)\n\nAll docker users are advised to upgrade to these updated packages, which correct\nthese issues and add these enhancements.\n", "modified": "2016-05-19T23:33:08", "published": "2015-03-05T05:00:00", "id": "RHSA-2015:0623", "href": "https://access.redhat.com/errata/RHSA-2015:0623", "type": "redhat", "title": "(RHSA-2015:0623) Low: docker security, bug fix, and enhancement update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}