9153 matches found
UBUNTU-CVE-2015-3631
Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc...
CVE-2015-3630
Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image...
CVE-2015-3631
Docker Engine prior to 1.6.1 is affected by a local-privilege-escalation vulnerability where a container image can cause volumes to override files under /proc, allowing an attacker to set arbitrary Linux Security Modules (LSM) and docker_t policies. The issue arises when /proc files can be overri...
CVE-2015-3629
CVE-2015-3629: Affects Libcontainer 1.6.0, as used in Docker Engine. If a container is respawned, an attacker can perform a symlink attack to escape the container and write to arbitrary files on the host via the mount namespace, enabling local container breakout and host impact. The issue is doc...
CVE-2015-3630
Docker Engine prior to 1.6.1 is vulnerable to CVE-2015-3630 due to weak permissions on /proc paths (/proc/asound, /proc/timer_stats, /proc/latency_stats, /proc/fs). This lets a local attacker modify the host, access sensitive information, and, via a crafted image, enable protocol downgrade attack...
CVE-2015-3627
CVE-2015-3627 describes a symlink-based privilege escalation in Libcontainer and Docker Engine where a file-descriptor is opened before performing chroot, enabling a local attacker to gain elevated privileges via a crafted Dockerfile or image. IBM bulletin coverage confirms this vulnerability wit...
CVE-2015-3627
Libcontainer and Docker Engine before 1.6.1 open the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image...
CVE-2015-3631
Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc...
CVE-2015-3629
Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary files on the host system via a symlink attack in an image when respawning a container...
Docker Container Symbolic Link Directory Traversal Elevation of Privilege Vulnerability
Docker is an open source application container engine that allows developers to package their applications as well as dependency packages into a portable container and then distribute it to any popular Linux machine, also enabling virtualization. Docker suffers from a security vulnerability when...
Docker /proc/ directory insecure permission configuration vulnerability
Docker is an open source application container engine that allows developers to package their applications as well as dependency packages into a portable container and then distribute it to any popular Linux machine, also enabling virtualization. Docker insecurely sets up the /proc/ directory and...
Docker Insecure File Descriptor Handling Elevation of Privilege Vulnerability
Docker is an open-source application container engine that allows developers to package their applications, along with dependency packages, into a portable container and then distribute it to any popular Linux machine, also enabling virtualization. Docker's handling of container redistribution...
Docker /proc/ file write vulnerability
Docker is an open-source application container engine that allows developers to package their applications, along with dependency packages, into a portable container and then distribute it to any popular Linux machine, also enabling virtualization. Docker handles volume mounts with a security...
docker: multiple issues
CVE-2015-3627 (privilege escalation): The file-descriptor passed by libcontainer to the pid-1 process of a container has been found to be opened prior to performing the chroot, allowing insecure open and symlink traversal. This allows malicious container images to trigger a local privilege...
PT-2015-6251 · Docker +2 · Docker Engine +3
Name of the Vulnerable Software and Affected Versions: Docker Engine versions prior to 1.6.1. Description: The issue allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc. This can be achieved by exploiting...
PT-2015-6247 · Docker +2 · Libcontainer +4
Name of the Vulnerable Software and Affected Versions: Docker Engine versions prior to 1.6.1; Libcontainer versions prior to 1.6.1. Description: The issue allows local users to gain privileges via a symlink attack in an image. This occurs because Libcontainer and Docker Engine open the...
PT-2015-6250 · Docker +2 · Docker Engine +3
Name of the Vulnerable Software and Affected Versions: Docker Engine versions prior to 1.6.1. Description: The issue allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image. This is due to weak permissions for certain /proc...
PT-2015-6249 · Docker +2 · Libcontainer +3
Name of the Vulnerable Software and Affected Versions: Docker Engine using Libcontainer version 1.6.0. Description: The issue allows local users to escape containerization and write to arbitrary files on the host system via a symlink attack in an image when respawning a container. This is due to a...