EUVD-2014-5171

Malware in sbrugna...

boot2docker Code Execution Vulnerability

boot2docker is a distribution of lightweight Linux that runs exclusively on Docker containers. A security vulnerability in the Docker daemon in boot2docker 1.2 and earlier versions stems from the program failing to properly open unauthenticated TCP links by default. A remote attacker could exploi...

boot2docker Cross-Site Request Forgery Vulnerability

boot2docker is a distribution of lightweight Linux that runs exclusively on Docker containers. A security vulnerability exists in boot2docker 1.2 and earlier versions. A remote attacker can exploit this vulnerability to conduct cross-site request forgery attacks and execute code...

Design/Logic Flaw

The Docker daemon managed by boot2docker 1.2 and earlier improperly enables unauthenticated TCP connections by default, which makes it easier for remote attackers to gain privileges or execute arbitrary code from children containers...

CVE-2014-5280

boot2docker 1.2 and earlier allows attackers to conduct cross-site request forgery CSRF attacks by leveraging Docker daemons enabling TCP connections without TLS authentication...

CVE-2014-5279

The Docker daemon managed by boot2docker 1.2 and earlier improperly enables unauthenticated TCP connections by default, which makes it easier for remote attackers to gain privileges or execute arbitrary code from children containers...

Cross site request forgery (csrf)

boot2docker 1.2 and earlier allows attackers to conduct cross-site request forgery CSRF attacks by leveraging Docker daemons enabling TCP connections without TLS authentication...

CVE-2014-5279

The Docker daemon managed by boot2docker 1.2 and earlier improperly enables unauthenticated TCP connections by default, which makes it easier for remote attackers to gain privileges or execute arbitrary code from children containers...

CVE-2014-5280

boot2docker 1.2 and earlier allows attackers to conduct cross-site request forgery CSRF attacks by leveraging Docker daemons enabling TCP connections without TLS authentication...

CVE-2014-5279

CVE-2014-5279 affects the Docker daemon used by boot2docker 1.2 and earlier. The issue arises from the daemon improperly enabling unauthenticated TCP connections by default, exposing a network interface that remote attackers can reach. Impact: remote attackers could potentially gain privileges or...

CVE-2014-5280

Boot2Docker 1.2 and earlier are affected by CVE-2014-5280, with a CSRF vulnerability exploited by leveraging Docker daemons that accept TCP connections without TLS authentication. This stems from the underlying Docker daemon configuration allowing unauthenticated TCP access, enabling CSRF-related...

GNU libiberty - Buffer Overflow Exploit

Exploit for linux platform in category dos / poc Source: https://gcc.gnu.org/bugzilla/showbug.cgi?id=69687 The attached program binary causes a buffer overflow in cplus-dem.c when it tries to demangle specially crafted function arguments in the binary. Both the buffer size as well as the buffer...