Docker Multiple Vulnerabilities
Last Update Date:
29 Dec 2014 10:13
Release Date:
29 Dec 2014
4026
Views
RISK: Medium Risk
TYPE: Servers - Other Servers
Multiple vulnerabilities have been identified in Docker, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to manipulate certain data.
- An error when extracting images or mounting volumes can be exploited to e.g. manipulate certain files on the host file system via symlink attacks.
- The application does not properly validate Image IDs during "docker load" operation or registry communications. This can be exploited to e.g. manipulate a graph via directory traversal sequences.
- An error when handling xz archive files can be exploited to gain elevated privileges and execute arbitrary code with root privileges on the host.
Impact
- Security Restriction Bypass
- Data Manipulation
System / Technologies affected
- Versions prior to 1.3.3.
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Update to version 1.3.3.
Vulnerability Identifier
Related Link
Share with