9154 matches found

CVE
added 2017/05/25 5:0 p.m. | 45 views

CVE-2016-0761

CVE-2016-0761 affects Cloud Foundry Garden-Linux (versions prior to v0.333.0) and Elastic Runtime 1.6.x prior to 1.6.17. The flaw is in how container files are managed during Docker image preparation, which could allow deletion, corruption, or overwriting of host files and directories, including ...

10 CVSS | 9.3 AI score | 0.01605 EPSS
Exploits 0 | References 1 | Affected Software 2

rapid7community
added 2017/05/24 2:9 p.m. | 15 views

Modern Network Coverage and Container Security in InsightVM

For a long time, the concept of "infrastructure" remained relatively unchanged: Firewalls, routers, servers, desktops, and so on make up the majority of your network. Yet over the last few years, the tides have begun to shift. Virtualization is now ubiquitous, giving employees tremendous leeway i...

6.8 AI score
Exploits 0

Kitploit
added 2017/05/22 2:57 p.m. | 74 views

Cameradar - An RTSP Surveillance Camera Access Multitool

Cameradar hacks its way into RTSP CCTV cameras. Cameradar allows you to: detect open RTSP hosts on any accessible target; get their public info (hostname, port, camera model, etc.); launch automated dictionary attacks to get their stream route (for example /live.sdp); launch automated dictionary attacks ...

7.2 AI score
Exploits 0 | References 1

Wallarm Lab
added 2017/05/05 3:28 a.m. | 36 views

Is Docker Swarm going to change how we do microservices APIs?

During the DockerCon a couple of weeks ago the new native swarm functionality was one of the highlighted themes. What is a swarm? A swarm is a cluster of Docker engines, or nodes, which acts as an orchestrator, monitor and ingress load balancer for all the services deployed on swarm. The Docker...

7.1 AI score
Exploits 0

Veracode
added 2017/05/03 8:59 a.m. | 26 views

Container Bypass

github.com/docker/docker is vulnerable to container bypass. Attackers are able to edit the default run profile of an image container, leading to container bypass through the security options...

5 CVSS | 6.1 AI score | 0.03138 EPSS
Exploits 0 | References 7 | Affected Software 1

Veracode
added 2017/05/03 8:56 a.m. | 20 views

Directory Traversal

github.com/docker/docker is vulnerable to path traversal attacks. These attacks are possible due to a flaw in the processing of absolute symlinks. The flaw allows attackers to use malicious images and builds to write files to the host system and escape containerization, possibly leading to...

8.6 CVSS | 8.5 AI score | 0.04923 EPSS
Exploits 0 | References 4 | Affected Software 1

Veracode
added 2017/05/03 8:53 a.m. | 25 views

Remote Code Execution (RCE)

github.com/docker/docker is vulnerable to remote code execution (RCE) attacks. This allows attackers to execute code with root privileges through an image or build in a Dockerfile in an LZMA .xz archive...

10 CVSS | 9 AI score | 0.06452 EPSS
Exploits 0 | References 4 | Affected Software 1

Veracode
added 2017/05/03 8:48 a.m. | 34 views

Directory Traversal

github.com/docker/docker is vulnerable to path traversal attacks and spoofed repositories. These attacks are possible because Docker fails to correctly validate image IDs when using docker load or registry communications...

6.4 CVSS | 8.5 AI score | 0.02527 EPSS
Exploits 0 | References 6 | Affected Software 1

Veracode
added 2017/05/03 8:19 a.m. | 11 views

Request KeyChain Access

github.com/docker/docker-credential-helpers requests keychain access for random keys. This happens when the credential helper doesn't have a login keychain specified. It then tries to look at every registered keychain...

6.6 AI score
Exploits 0

Veracode
added 2017/05/03 7:20 a.m. | 21 views

Privilege Escalation

github.com/docker/libcontainer is vulnerable to privilege escalation attacks. These attacks are possible because github.com/docker/libcontainer and docker open the file-descriptor passed to pid-1 before performing chroot actions. The attacks can be triggered through a symlink attack...

7.2 CVSS | 9.2 AI score | 0.00609 EPSS
Exploits 0 | References 5 | Affected Software 2

Veracode
added 2017/05/03 7:17 a.m. | 24 views

Directory Traversal

github.com/docker/docker is vulnerable to directory traversal attacks. These attacks are possible by using a symlink attack in an image when respawning a container. It allows local users to escape containerization ("mount namespace breakout") and overwrite files...

7.8 CVSS | 5.8 AI score | 0.00603 EPSS
Exploits 0 | References 7 | Affected Software 2

Veracode
added 2017/05/03 7:9 a.m. | 24 views

Information Disclosure

github.com/docker/docker is vulnerable to information disclosure. Attackers can obtain sensitive information, modify the host and perform protocol downgrade attacks using a docker image. These attacks are possible because github.com/docker/docker uses weak permissions for files in the /proc folde...

7.2 CVSS | 5.5 AI score | 0.00548 EPSS
Exploits 0 | References 7 | Affected Software 2

Veracode
added 2017/05/03 6:57 a.m. | 28 views

File Override

github.com/docker/docker is vulnerable to file override attacks. It allows local users to set Linux Security Modules (LSM) and docker_t policies. It can be triggered through images that allow volumes to override files in /proc...

3.6 CVSS | 5.7 AI score | 0.00567 EPSS
Exploits 0 | References 6 | Affected Software 2

Veracode
added 2017/05/03 6:50 a.m. | 28 views

Privilege Escalation

github.com/opencontainers/runc is vulnerable to privilege escalation attacks. These attacks are possible because github.com/opencontainers/runc treats a numeric UID as a potential username. This allows local users to gain privileges through a numeric username in the password file. This transitivel...

7.8 CVSS | 7.7 AI score | 0.00388 EPSS
Exploits 0 | References 8 | Affected Software 1

Veracode
added 2017/05/03 6:37 a.m. | 22 views

Access Restriction Bypass

github.com/opencontainers/runc is vulnerable to attackers bypassing access restrictions. This is possible when ambient capabilities are enabled but misconfigured. It would allow malicious images to bypass user permissions and access other files within the file system and other mounted volumes. Th...

7.5 CVSS | 7.5 AI score | 0.02754 EPSS
Exploits 0 | References 2 | Affected Software 2

Veracode
added 2017/05/03 5:37 a.m. | 23 views

Escalation Of Privileges

github.com/docker/docker is vulnerable to escalation of privileges. It uses world-readable and world-writable permissions on the management socket which allows local users to gain privileges...

7.2 CVSS | 6.4 AI score | 0.00393 EPSS
Exploits 1 | References 6 | Affected Software 1

Veracode
added 2017/05/02 7:0 a.m. | 30 views

Information Disclosure

github.com/opencontainers/runc is vulnerable to information disclosure attacks. These attacks are possible because a runc exec command can be ptraced by the pid 1 of the container. This allows attackers to gain access to the file-descriptors of new processes during initialization. It may...

6.4 CVSS | 6.4 AI score | 0.00358 EPSS
Exploits 0 | References 4 | Affected Software 1

Tenable Nessus
added 2017/05/01 12:0 a.m. | 41 views

EulerOS 2.0 SP1 : docker (EulerOS-SA-2016-1016)

According to the version of the docker packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: It was found that Docker would launch containers under the specified UID instead of a username. An attacker able to launch a container could use th...

7.8 CVSS | 7.2 AI score | 0.00388 EPSS
Exploits 0 | References 2

n0where
added 2017/04/20 5:23 p.m. | 99 views

Multi Purpose DevOps Security Auditing Tool: DevAudit

DevAudit is an open-source, cross-platform, multi-purpose security auditing tool targeted at developers and DevOps practitioners that detects security vulnerabilities at multiple levels of the solution stack. DevAudit provides a wide array of auditing...

0.1 AI score
Exploits 0 | References 2

Kitploit
added 2017/04/10 2:29 p.m. | 13 views

ssh_scan - A prototype SSH Configuration and Policy Scanner

An SSH configuration and policy scanner. Key Benefits: Minimal Dependencies - Uses native Ruby and BinData to do its work, no heavy dependencies. Not Just a Script - Implementation is portable for use in another project or for automation of tasks. Simple - Just point ssh_scan at an SSH service and...

7.2 AI score
Exploits 0 | References 3