Modern Network Coverage and Container Security in InsightVM

For a long time, the concept of "infrastructure" remained relatively unchanged: Firewalls, routers, servers, desktops, and so on make up the majority of your network. Yet over the last few years, the tides have begun to shift. Virtualization is now ubiquitous, giving employees tremendous leeway i...

Directory Traversal

github.com/docker/docker is vulnerable to directory traversal attacks. These attacks are possible by using a symlink attack in an image when respawning a container. It allows local users to escape containerization "mount namespace breakout" and file overwrite...

[SECURITY] Fedora 25 Update: docker-1.12.3-2.git91ae1d1.fc25

Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. Docker containers can encapsulate any payload, and will run consistently on and between virtually any server. The same container...

New Release: Kali Linux for Docker — Deploy and Play!

The Developers of one of the most advanced open source operating system for penetration testing called 'KALI Linux' have made the operating system available for Docker-addicted system administrators. But, What’s Docker? Docker is a new open-source container technology, released in June 2014, that...

CVE-2015-3629

Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization "mount namespace breakout" and write to arbitrary file on the host system via a symlink attack in an image when respawning a container...

Design/Logic Flaw

Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization "mount namespace breakout" and write to arbitrary file on the host system via a symlink attack in an image when respawning a container...

CVE-2015-3629

Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization "mount namespace breakout" and write to arbitrary file on the host system via a symlink attack in an image when respawning a container...

CVE-2015-3629

Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization "mount namespace breakout" and write to arbitrary file on the host system via a symlink attack in an image when respawning a container...

CVE-2015-3629

Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization "mount namespace breakout" and write to arbitrary file on the host system via a symlink attack in an image when respawning a container...

CVE-2015-3629

CVE-2015-3629 : Affects Libcontainer 1.6.0, as used in Docker Engine. If a container is respawned, an attacker can perform a symlink attack to escape the container and write to arbitrary files on the host via the mount namespace, enabling local container breakout and host impact. The issue is doc...

Amazon Linux AMI : docker (ALAS-2015-522)

The file-descriptor passed by libcontainer to the pid-1 process of a container has been found to be opened prior to performing the chroot, allowing insecure open and symlink traversal. This allows malicious container images to trigger a local privilege escalation. CVE-2015-3627 Libcontainer versi...

docker: multiple issues

CVE-2015-3627 privilege escalation The file-descriptor passed by libcontainer to the pid-1 process of a container has been found to be opened prior to performing the chroot, allowing insecure open and symlink traversal. This allows malicious container images to trigger a local privilege...

docker: multiple issues

CVE-2014-9356 path traversal Path traversal attacks are possible in the processing of absolute symlinks. In checking symlinks for traversals, only relative links were considered. This allowed path traversals to exist where they should have otherwise been prevented. This was exploitable via both...

[SECURITY] Fedora 20 Update: docker-io-1.0.0-6.fc20

Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. Docker containers can encapsulate any payload, and will run consistently on and between virtually any server. The same container...