Docker Multiple Vulnerabilities

Last Update Date: 29 Dec 2014 10:13 Release Date: 29 Dec 2014 3889 Views

RISK: Medium Risk

Medium Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

Multiple vulnerabilities have been identified in Docker, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to manipulate certain data.

  1. An error when extracting images or mounting volumes can be exploited to e.g. manipulate certain files on the host file system via symlink attacks.
  2. The application does not properly validate Image IDs during "docker load" operation or registry communications. This can be exploited to e.g. manipulate a graph via directory traversal sequences.
  3. An error when handling xz archive files can be exploited to gain elevated privileges and execute arbitrary code with root privileges on the host.

Impact

  • Security Restriction Bypass
  • Data Manipulation

System / Technologies affected

  • Versions prior to 1.3.3.

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 1.3.3.

Vulnerability Identifier

Related Link

Share with

Previous

"Misfortune Cookie" Vulnerability on Multiple Broadband Routers

22 Dec 2014 3955 Views

Next

Windows Kernel Elevation of Privilege Vulnerability

5 Jan 2015 4046 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY