Exploit for OS Command Injection in Gnu Bash
Shellshock exploit + vulnerable envir...
Docker Security Bypass Vulnerability (CNVD-2016-12185)
Docker is an open source application container engine from the American company Docker. A security bypass vulnerability exists in versions of Docker prior to 1.8.3. An attacker can exploit this vulnerability to bypass security restrictions and perform unauthorized operations...
Fedora Update for docker FEDORA-2016-15cf686c8d
The remote host is missing an update for the...
Fedora Update for docker FEDORA-2016-8e1558d1c6
The remote host is missing an update for the...
openSUSE Security Update : containerd / docker / runc (openSUSE-2016-1400)
This update for containerd, docker, runc fixes the following issues: Security issues fixed: - CVE-2016-8867: Fix ambient capability usage in containers (bsc#1007249). Bugfixes: - boo#1006368: Fixed broken docker/containerd installation when installed by SuSE Studio in an appliance. - boo#1004490:...
CVE-2016-9685
A flaw was found in the Linux kernel's implementation of XFS file attributes. Two memory leaks were detected in xfs_attr_shortform_list and xfs_attr3_leaf_list_int when running a docker container backed by xfs/overlay2. A dedicated attacker could possibly exhaust all memory and create a denial of servic...
Fedora 25 : 2:docker (2016-15cf686c8d)
built docker @projectatomic/docker-1.12 commit 9a594b9 ---- built docker @projectatomic/docker-1.12 commit 9a594b9 ---- built docker @projectatomic/docker-1.12 commit 91ae1d1 ---- built docker @projectatomic/docker-1.12 commit 91ae1d1 Note that Tenable Network Security has extracted the preceding...
Fedora 25 : 2:docker (2016-8e1558d1c6)
built docker @projectatomic/docker-1.12 commit 91ae1d1 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
[SECURITY] Fedora 25 Update: docker-1.12.3-6.git9a594b9.fc25
Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. Docker containers can encapsulate any payload, and will run consistently on and between virtually any server. The same container...
Docker Security Bypass Vulnerability
Docker is an open source application container engine from Docker Inc. in the United States, which supports creating containers (lightweight virtual machines) and deploying and running applications on Linux systems, as well as automated installation, deployment and upgrading of applications...
Docker Security Bypass Vulnerability (CNVD-2016-11230)
Docker is an open source application container engine from Docker Inc. in the United States, which supports creating containers (lightweight virtual machines) and deploying and running applications on Linux systems, as well as automated installation, deployment and upgrading of applications...
Paragon Initiative Enterprises: Missing GIT tag/commit verification in Docker
in: https://github.com/paragonie/airship/blob/master/docker/Dockerfile.airship#L14-L16 RUN git clone https://github.com/jedisct1/libsodium.git /tmp/sodium WORKDIR /tmp/sodium RUN git checkout tags/1.0.10 The code is fetched from GitHub without one of: 1. signature verification on relevant tag. GPG...
Using Dirty Cow to achieve Docker escape - vulnerability warning - the black bar safety net
Foreword: The Dirty Cow vulnerability is a race condition in the way the Linux kernel handles copy-on-write (Copy-on-Write) of memory, which can result in the destruction of private read-only memory mappings. A low-privileged local user can exploit this...
RHEL 7 : docker (RHSA-2016:2634)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:2634 advisory. Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run...
Moderate: Red Hat Security Advisory: docker security and bug fix update
An update for docker is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
docker: privilege escalation via confusion of usernames and UIDs
It was found that Docker would launch containers under the specified UID instead of a username. An attacker able to launch a container could use this flaw to escalate their privileges to root within the launched container...
osquery Command And Control: Kolide
osquery Command And Control: Kolide is an agentless osquery web interface and remote API server. Kolide uses the osquery remote APIs to do ad-hoc distributed queries, osqueryd configurations and the collection and processing of scheduled queries packs. Kolide was designed to be extremely portable ...
Docker Engine is vulnerable
Docker Engine is a set of lightweight runtime environments and package management tools from Docker, Inc. A security vulnerability exists in Docker Engine version 1.12.2, which stems from an enabled environment condition configured with the wrong condition policy. An attacker can exploit the...
Imgur: Unauthenticated Docker registry
A docker registry was open and unauthenticated, giving access to outdated Imgur source code and secret keys...
CVE-2016-8867
The runc version as used in docker 1.12.2 was incorrectly setting ambient capabilities for all processes executed inside containers. This caused processes of non-root users to run with unexpected privileges, allowing them to escalate their privileges to root...