8 matches found
docker-stable-24.0.9_ce-15.1 on GA media (moderate)
docker-stable-24.0.9ce-15.1 on GA media Announcement ID: openSUSE-SU-2025:15589-1 Rating: moderate Cross-References: CVE-2014-3499 CVE-2014-5277 CVE-2014-6407 CVE-2014-6408 CVE-2014-8178 CVE-2014-8179 CVE-2014-9356 CVE-2014-9357 CVE-2014-9358 CVE-2015-3627 CVE-2015-3629 CVE-2015-3630 CVE-2015-363...
docker 1.0.0 docker.socket world accessible
CVE-2014-3499 docker.socket world accessible 漏洞类型 设计错误 本地权限提升 漏洞分析 Docker 1.0.0使用全局可读可写的管理套接字,这种设计会允许本地用户利用写套接字,获得特殊的权限。 具体分析 docker.socket 在docker 1.0.0版本时,并没有限制读写socket的权限,导致本地用户任何socket读写都能够完成。 本地用户使用构造的恶意请求写入到socket中会导致root权限执行任意代码。 具体过程 在init/systemd中,...
RHEL 7 : docker (RHSA-2014:0820)
An updated docker package that fixes one security issue is now available for Red Hat Enterprise Linux 7 Extras. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Fedora Update for docker-io FEDORA-2014-8034
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 20 : docker-io-1.0.0-6.fc20 (2014-8021)
Resolves: rhbz1114810 - CVE-2014-3499 correct bz Set mode,user,group in docker.socket file Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...
Fedora 19 : docker-io-1.0.0-6.fc19 (2014-8034)
Resolves: rhbz1114810 - CVE-2014-3499 correct bz Set mode,user,group in docker.socket file Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...
CVE-2014-3499
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors...
CVE-2014-3499
Technical details beyond the general description for CVE-2014-3499 are not provided in the connected documents. Monitor for updates from OSV/OpenVAS/Nessus entries for affected products and fixes.