Skip to main content

Docker Multiple Vulnerabilities

Last Update Date: 29 Dec 2014 10:13 Release Date: 29 Dec 2014 4026 Views

RISK: Medium Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

Multiple vulnerabilities have been identified in Docker, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to manipulate certain data.

  1. An error when extracting images or mounting volumes can be exploited to e.g. manipulate certain files on the host file system via symlink attacks.
  2. The application does not properly validate Image IDs during "docker load" operation or registry communications. This can be exploited to e.g. manipulate a graph via directory traversal sequences.
  3. An error when handling xz archive files can be exploited to gain elevated privileges and execute arbitrary code with root privileges on the host.

Impact

  • Security Restriction Bypass
  • Data Manipulation

System / Technologies affected

  • Versions prior to 1.3.3.

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 1.3.3.

Vulnerability Identifier


Related Link