DEBIAN-CVE-2015-3627
Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image...
Design/Logic Flaw
Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image...
Design/Logic Flaw
Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container...
Design/Logic Flaw
Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc...
UBUNTU-CVE-2015-3629
Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container...
CVE-2015-3629
Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container...
UBUNTU-CVE-2015-3631
Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc...
CVE-2015-3631
Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc...
CVE-2015-3629
Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container...
CVE-2015-3630
Docker Engine prior to 1.6.1 is vulnerable to CVE-2015-3630 due to weak permissions on /proc paths (/proc/asound, /proc/timer_stats, /proc/latency_stats, /proc/fs). This lets a local attacker modify the host, access sensitive information, and, via a crafted image, enable protocol downgrade attack...
CVE-2015-3631
Docker Engine prior to 1.6.1 is affected by a local-privilege-escalation vulnerability where a container image can cause volumes to override files under /proc, allowing an attacker to set arbitrary Linux Security Modules (LSM) and docker_t policies. The issue arises when /proc files can be overri...
CVE-2015-3630
Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image...
CVE-2015-3627
Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image...
CVE-2015-3627
CVE-2015-3627 describes a symlink-based privilege escalation in Libcontainer and Docker Engine where a file-descriptor is opened before performing chroot, enabling a local attacker to gain elevated privileges via a crafted Dockerfile or image. IBM bulletin coverage confirms this vulnerability wit...
CVE-2015-3629
CVE-2015-3629: Affects Libcontainer 1.6.0, as used in Docker Engine. If a container is respawned, an attacker can perform a symlink attack to escape the container and write to arbitrary files on the host via the mount namespace, enabling local container breakout and host impact. The issue is doc...
CVE-2015-3631
Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc...
PT-2015-6247 · Docker +2 · Libcontainer +4
Name of the Vulnerable Software and Affected Versions: Docker Engine versions prior to 1.6.1; Libcontainer versions prior to 1.6.1. Description: The issue allows local users to gain privileges via a symlink attack in an image. This occurs because Libcontainer and Docker Engine open the...
PT-2015-6250 · Docker +2 · Docker Engine +3
Name of the Vulnerable Software and Affected Versions: Docker Engine versions prior to 1.6.1. Description: The issue allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image. This is due to weak permissions for certain /proc...
PT-2015-6251 · Docker +2 · Docker Engine +3
Name of the Vulnerable Software and Affected Versions: Docker Engine versions prior to 1.6.1. Description: The issue allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc. This can be achieved by exploiting...
PT-2015-6249 · Docker +2 · Libcontainer +3
Name of the Vulnerable Software and Affected Versions: Docker Engine using Libcontainer version 1.6.0. Description: The issue allows local users to escape containerization and write to arbitrary files on the host system via a symlink attack in an image when respawning a container. This is due to a...