9114 matches found

OpenVAS
added 2015/09/08 12:0 a.m., 25 views

Amazon Linux: Security Advisory (ALAS-2015-588)

The remote host is missing an update for the...

CVSS 9.8, AI score 9.6, EPSS 0.11884
Exploits: 0, References: 4

OpenVAS
added 2015/09/08 12:0 a.m., 21 views

Amazon Linux: Security Advisory (ALAS-2014-454)

The remote host is missing an update for the...

CVSS 7.5, AI score 8.1, EPSS 0.05856
Exploits: 0, References: 2

Tenable Nessus
added 2015/08/26 12:0 a.m., 30 views

Amazon Linux AMI : golang / docker (ALAS-2015-588)

As discussed upstream -- here and here -- the Go project received notification of an HTTP request smuggling vulnerability in the net/http library. Invalid headers are parsed as valid headers like 'Content Length:' with a space in the middle and Double Content-length headers in a request does not...

CVSS 9.8, AI score 7.1, EPSS 0.11884
Exploits: 0, References: 6

Amazon
added 2015/08/24 12:0 a.m., 39 views

Medium: golang, docker

Issue Overview: As discussed upstream -- http://seclists.org/oss-sec/2015/q3/294 and http://seclists.org/oss-sec/2015/q3/237 -- the Go project received notification of an HTTP request smuggling vulnerability in the net/http library. Invalid headers are parsed as valid headers like "Content Length...

CVSS 9.8, AI score 9.6, EPSS 0.11884
Exploits: 0

Kitploit
added 2015/07/25 4:10 p.m., 55 views

IVRE - A Python network recon framework, based on Nmap, Bro & p0f

IVRE (Instrument de veille sur les réseaux extérieurs) or DRUNK (Dynamic Recon of UNKnown networks) is a network recon framework, including two modules for passive recon (one p0f-based and one Bro-based) and one module for active recon (mostly Nmap-based, with a bit of ZMap). The advertising slogans are:...

AI score 7
Exploits: 0, References: 5

n0where
added 2015/07/14 5:41 p.m., 45 views

Python Network Recon Framework: ivre

IVRE (Instrument de veille sur les réseaux extérieurs) or DRUNK (Dynamic Recon of UNKnown networks) is a network recon framework, including two modules for passive recon (one p0f-based and one Bro-based) and one module for active recon (mostly Nmap-based, with a bit of ZMap). External programs /...

AI score 0.1
Exploits: 0, References: 2

CNVD
added 2015/06/26 12:0 a.m., 2 views

Project Atomic Security Bypass Code Execution Vulnerability

Project Atomic is a suite of software that supports the creation and running of applications using Linux and Docker containers. A security vulnerability exists in Project Atomic that allows remote attackers to exploit the vulnerability to execute arbitrary code via a man-in-the-middle attack...

CVSS 5.9, AI score 7.8, EPSS 0.0071
Exploits: 0, References: 1

RedHat Linux
added 2015/06/23 9:29 a.m., 2 views

docker: insecure opening of file-descriptor 1 leading to privilege escalation

Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image...

CVSS 7.2, AI score 6.6, EPSS 0.00105
Exploits: 0, References: 4

RedHat Linux
added 2015/06/23 9:29 a.m., 2 views

docker: Read/write proc paths allow host modification & information disclosure

Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image...

CVSS 7.2, AI score 7.1, EPSS 0.0011
Exploits: 0, References: 4

RedHat Linux
added 2015/06/23 9:29 a.m., 2 views

docker: volume mounts allow LSM profile escalation

Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc...

CVSS 3.6, AI score 7.2, EPSS 0.00143
Exploits: 0, References: 4

RedHat Linux
added 2015/06/23 9:29 a.m., 1 view

docker: symlink traversal on container respawn allows local privilege escalation

Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container...

CVSS 7.8, AI score 7.2, EPSS 0.00178
Exploits: 0, References: 4

RedHat Linux
added 2015/06/23 9:29 a.m., 2 views

Moderate: Red Hat Bug Fix Advisory: docker bug fix update

Updated docker packages that fix several bugs are now available for Red Hat Enterprise Linux 7 Extras. Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. This update fixes the...

CVSS 7.8, AI score 6.9, EPSS 0.00178
Exploits: 0, References: 19

n0where
added 2015/06/07 4:7 p.m., 16 views

Reverse Engineering Malicious Software: REMnux Distro

REMnux v6 – A Linux Toolkit for Reverse-Engineering and Analyzing Malware – has been released. REMnux v6 updates the tools that were present in the earlier revisions of the distro and introduces several new ones. Moreover, it implements major architectural changes behind the scenes to allow REMnu...

AI score 6.9
Exploits: 0

Tenable Nessus
added 2015/06/03 12:0 a.m., 28 views

SUSE SLES12 Security Update : docker (SUSE-SU-2015:0984-1)

The Linux container runtime environment Docker was updated to version 1.6.2 to fix several security and non-security issues. - Security : - Fix read/write /proc paths. CVE-2015-3630 - Prohibit VOLUME /proc and VOLUME /. CVE-2015-3631 - Fix opening of file-descriptor 1. CVE-2015-3627 - Fix symlink...

CVSS 7.8, AI score 6.3, EPSS 0.00178
Exploits: 0, References: 11

The Hacker News
added 2015/05/26 9:51 p.m., 14 views

New Release: Kali Linux for Docker — Deploy and Play!

The Developers of one of the most advanced open source operating system for penetration testing called 'KALI Linux' have made the operating system available for Docker-addicted system administrators. But, What’s Docker? Docker is a new open-source container technology, released in June 2014, that...

AI score 6.7
Exploits: 0

Tenable Nessus
added 2015/05/22 12:0 a.m., 35 views

Oracle Linux 6 / 7 : docker (ELSA-2015-3037)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-3037 advisory. 1.6.1-1.0.1 - Update source to 1.6.1 from https://github.com/docker/docker/releases/tag/v1.6.1 Symlink traversal on container respawn allows local...

CVSS 7.8, AI score 6.5, EPSS 0.00178
Exploits: 0, References: 4

CNVD
added 2015/05/21 12:0 a.m., 1 view

Docker Engine Arbitrary File Manipulation Vulnerability

Docker Engine is a set of lightweight runtime environments and package management tools from Docker, Inc. An arbitrary file manipulation vulnerability exists in versions of Docker Engine prior to 1.6.1, which allows local users to overwrite files in /proc by setting arbitrary Linux security modul...

CVSS 3.6, AI score 6.5, EPSS 0.00143
Exploits: 0, References: 1

Oracle linux
added 2015/05/20 12:0 a.m., 44 views

docker security update

1.6.1-1.0.1 - Update source to 1.6.1 from https://github.com/docker/docker/releases/tag/v1.6.1 Symlink traversal on container respawn allows local privilege escalation CVE-2015-3629 Insecure opening of file-descriptor 1 leading to privilege escalation CVE-2015-3627 Read/write proc paths allow hos...

CVSS 7.2, AI score 3, EPSS 0.00178
Exploits: 0

Tenable Nessus
added 2015/05/20 12:0 a.m., 26 views

SUSE SLES12 Security Update : docker (SUSE-SU-2015:0082-1)

This docker version upgrade fixes the following security and non security issues, and adds the also additional features : - Updated to 1.4.1 2014-12-15 : - Runtime : - Fix issue with volumes-from and bind mounts not being honored after create fixes bnc913213 - Added e2fsprogs as runtime dependenc...

CVSS 10, AI score 7.2, EPSS 0.36182
Exploits: 0, References: 13

Tenable Nessus
added 2015/05/20 12:0 a.m., 26 views

openSUSE Security Update : docker (openSUSE-2015-365)

docker was updated to version 1.6.1 to fix several security and non-security issues. - Updated to version 1.6.1 2015-05-07 bnc930235 - Security - Fix read/write /proc paths CVE-2015-3630 - Prohibit VOLUME /proc and VOLUME / CVE-2015-3631 - Fix opening of file-descriptor 1 CVE-2015-3627 - Fix...

CVSS 7.8, AI score 6.3, EPSS 0.00178
Exploits: 0, References: 5