ALT-PU-2015-1429-2 — docker-io

CVE-2015-3627

HIGH7.2

Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.

Published: 2015-05-18Modified: 2025-04-12

CVSS 2.0HIGH 7.2

CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2015-3629

HIGH7.8

Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.

Published: 2015-05-18Modified: 2025-04-12

CVSS 2.0HIGH 7.2

CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS 3.xHIGH 7.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

CVE-2015-3630

HIGH7.2

Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image.

Published: 2015-05-18Modified: 2025-04-12

CVSS 2.0HIGH 7.2

CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2015-3631

LOW3.6

Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc.

Published: 2015-05-18Modified: 2025-04-12

CVSS 2.0LOW 3.6

CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:P/A:P

References

GHSA-8fvr-5rqf-3wwh

HIGH8.4

Information Exposure in Docker Engine

Published: 2022-02-15Modified: 2024-07-08

CVSS 3.xHIGH 8.4

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

GHSA-g44j-7vp3-68cv

HIGH8.4

Arbitrary File Write in Libcontainer

Published: 2022-02-15Modified: 2024-02-02

CVSS 3.xHIGH 8.4

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

GHSA-g7v2-2qxx-wjrw

NONE

Symlink Attack in Libcontainer and Docker Engine

Published: 2022-02-15Modified: 2021-05-20

References

GHSA-v4h8-794j-g8mm

MEDIUM5.1

Arbitrary File Override in Docker Engine

Published: 2022-02-15Modified: 2024-07-08

CVSS 3.xMEDIUM 5.1

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

References

Package update docker-io in branch sisyphus

Closed issues (8)

Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.

Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.

Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image.

Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc.

Information Exposure in Docker Engine

Arbitrary File Write in Libcontainer

Symlink Attack in Libcontainer and Docker Engine

Arbitrary File Override in Docker Engine