Linux Distros Unpatched Vulnerability : CVE-2016-6595

🗓️ 04 Mar 2025 00:00:00Reported by TenableType

Linux/Unix host has unpatched vulnerability (CVE-2016-6595) affecting Docker SwarmKit toolkit.

Reporter	Title	Published	Views	Family All 11
CNVD	Docker Swarmki Local Denial of Service Vulnerability	5 Jan 201700:00	–	cnvd
CVE	CVE-2016-6595	4 Jan 201720:00	–	cve
Cvelist	CVE-2016-6595	4 Jan 201720:00	–	cvelist
Debian CVE	CVE-2016-6595	4 Jan 201720:00	–	debiancve
NVD	CVE-2016-6595	4 Jan 201720:59	–	nvd
Prion	Design/Logic Flaw	4 Jan 201720:59	–	prion
Positive Technologies	PT-2017-8997 · Docker · Swarmkit +1	4 Jan 201700:00	–	ptsecurity
Tenable Nessus	RHEL 7 : docker (Unpatched Vulnerability)	11 May 202400:00	–	nessus
Tenable Nessus	RHEL 7 : docker (Unpatched Vulnerability)	3 Jun 202400:00	–	nessus
RedhatCVE	CVE-2016-6595	4 Aug 201609:48	–	redhatcve

Source	Link
access	www.access.redhat.com/security/cve/cve-2016-6595
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(219859);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/08/24");

  script_cve_id("CVE-2016-6595");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2016-6595");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to cause a denial of service
    (prevention of cluster joins) via a long sequence of join and quit actions. NOTE: the vendor disputes this
    issue, stating that this sequence is not removing the state that is left by old nodes. At some point the
    manager obviously stops being able to accept new nodes, since it runs out of memory. Given that both for
    Docker swarm and for Docker Swarmkit nodes are *required* to provide a secret token (it's actually the
    only mode of operation), this means that no adversary can simply join nodes and exhaust manager resources.
    We can't do anything about a manager running out of memory and not being able to add new legitimate nodes
    to the system. This is merely a resource provisioning issue, and definitely not a CVE worthy
    vulnerability. (CVE-2016-6595)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-6595");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-6595");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/07/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/03/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:docker");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:docker");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("set_linux_os_id.nasl", "ssh_get_info2.nasl");
  script_require_keys("Host/OS/identifier", "Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched");
  script_require_ports("Host/OS/CentOS Linux-7", "Host/OS/Red Hat Enterprise Linux-7");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/CentOS/rpm-list")) && empty_or_null(get_one_kb_item("Host/RedHat/rpm-list"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "CentOS Linux-7": {
    "package_manager": "rpm-list",
    "constraints": [
      {
        "release": "7",
        "pkgs": [
          {"reference": "docker"}
        ]
      }
    ]
  },
  "Red Hat Enterprise Linux-7": {
    "package_manager": "rpm-list",
    "constraints": [
      {
        "release": "7",
        "pkgs": [
          {"reference": "docker"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

24 Aug 2025 00:00Current

6.6Medium risk

Vulners AI Score6.6

CVSS 24

CVSS 36.5

EPSS0.00649