The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Docker Community Edition

vulnerability alert CVE-2016-9962

Docker Engine: privilege escalation via file descriptors

Synthesis of the vulnerability

An attacker, inside a guest system, can use file descriptor inherited via the debug support of Docker Engine, in order to escalate his privileges on the host system.
Impacted products: Docker CE, Fedora, Kubernetes, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: privileged shell.
Creation date: 11/01/2017.
Identifiers: CVE-2016-9962, FEDORA-2017-0200646669, FEDORA-2017-20cdb2063a, FEDORA-2017-c2c2d1be16, FEDORA-2017-dbc2b618eb, FEDORA-2017-fcd02e2c2d, openSUSE-SU-2017:1966-1, RHSA-2017:0116-01, RHSA-2017:0123-01, RHSA-2017:0127-01, SUSE-SU-2019:0573-1, SUSE-SU-2019:1264-1, VIGILANCE-VUL-21551.

Description of the vulnerability

The Docker Engine product offers cross container debugging support.

However, file descriptors inherited by new processes are not filtered, so an attacker can access files opened by a process in another container.

An attacker, inside a guest system, can therefore use file descriptor inherited via the debug support of Docker Engine, in order to escalate his privileges on the host system.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2016-8867

Docker Engine: privilege escalation via Ambient Capability

Synthesis of the vulnerability

An attacker can bypass restrictions via Ambient Capability of Docker Engine, in order to escalate his privileges.
Impacted products: Docker CE, openSUSE Leap.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 27/10/2016.
Identifiers: CVE-2016-8867, openSUSE-SU-2016:3009-1, VIGILANCE-VUL-20977.

Description of the vulnerability

An attacker can bypass restrictions via Ambient Capability of Docker Engine, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability 20435

Docker: information disclosure via /proc/timer_list

Synthesis of the vulnerability

An attacker can read /proc/timer_list via Docker, in order to obtain sensitive information.
Impacted products: Docker CE.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 19/08/2016.
Identifiers: VIGILANCE-VUL-20435.

Description of the vulnerability

The /proc/timer_list file contains the list of system timers.

However, Dockers does not forbid access to this file.

An attacker can therefore read /proc/timer_list via Docker, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2016-6595

Docker: denial of service via Swarm

Synthesis of the vulnerability

A local attacker can join multiple times a Swarm of Docker, in order to trigger a denial of service.
Impacted products: Docker CE.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: user shell.
Creation date: 04/08/2016.
Identifiers: CVE-2016-6595, VIGILANCE-VUL-20305.

Description of the vulnerability

The Docker product can be used to create Swarms to group tasks.

However, an attacker can join and leave a Swarm a thousand times, to generate a fatal error.

A local attacker can therefore join multiple times a Swarm of Docker, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2016-6349

Docker: information disclosure via machinectl

Synthesis of the vulnerability

An attacker can use machinectl with Docker, in order to obtain sensitive information.
Impacted products: Docker CE.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 27/07/2016.
Identifiers: CVE-2016-6349, VIGILANCE-VUL-20229.

Description of the vulnerability

The Docker product uses oci-register-machine to register to systemd-machined.

However, a local attacker can then use the machinectl command to obtain the system type and its IP address.

An attacker can therefore use machinectl with Docker, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2016-3697

Docker: privilege escalation via Numeric UID

Synthesis of the vulnerability

A local attacker can in some cases use an uid on Docker, in order to escalate his privileges.
Impacted products: Docker CE, Fedora, QRadar SIEM, openSUSE, RHEL.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 13/05/2016.
Identifiers: 1329450, 2004947, CVE-2016-3697, FEDORA-2016-6a0d540088, openSUSE-SU-2016:1417-1, RHSA-2016:1034-01, RHSA-2016:2634-01, VIGILANCE-VUL-19615.

Description of the vulnerability

The Docker product can be installed on a system with a numeric user id. For example, if /etc/passwd contains :
  1000::0:0:::/bin/bash
  user::1000:1000:::/bin/bash

However, permission checks are performed on user with the uid 1000, but the access is granted with user named "1000".

A local attacker can therefore in some cases use an uid on Docker, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2014-8178 CVE-2014-8179

Docker Engine: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Docker.
Impacted products: Docker CE, openSUSE, openSUSE Leap.
Severity: 2/4.
Consequences: data creation/edition, data flow.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 19/10/2015.
Identifiers: CVE-2014-8178, CVE-2014-8179, openSUSE-SU-2015:1773-1, openSUSE-SU-2015:2073-1, VIGILANCE-VUL-18131.

Description of the vulnerability

Several vulnerabilities were announced in Docker.

An attacker can use a Layer ID, in order to corrupt the graph. [severity:2/4; CVE-2014-8178]

An attacker can bypass the Manifest validation. [severity:2/4; CVE-2014-8179]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Docker Community Edition: