CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-11468 – docker-distribution: Does not properly restrict the amount of content accepted from a user
https://notcve.org/view.php?id=CVE-2017-11468
Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint. Docker Registry anterior a versión 2.6.2 en Docker Distribution, no restringe apropiadamente la cantidad de contenido aceptado por un usuario, lo que permite a los atacantes remotos causar una denegación de servicio (consumo de memoria) por medio un endpoint manifest. It was found that docker-distribution did not properly restrict memory allocation size for a registry instance through the manifest endpoint. An attacker could send a specially crafted request that would exhaust the memory of the docker-distribution service. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00047.html https://access.redhat.com/errata/RHSA-2017:2603 https://github.com/docker/distribution/pull/2340 https://github.com/docker/distribution/releases/tag/v2.6.2 https://access.redhat.com/security/cve/CVE-2017-11468 https://bugzilla.redhat.com/show_bug.cgi?id=1474893 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9962 – docker: insecure opening of file-descriptor allows privilege escalation
https://notcve.org/view.php?id=CVE-2016-9962
RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container. RunC permitió procesos de contenedores adicionales a través de 'runc exec' para ser ptraced por el pid 1 del contenedor. Esto permite a los principales procesos del contenedor, si se ejecutan como root, obtener acceso a los descriptores de archivo de estos nuevos procesos durante la inicialización y puede conducir a escapes de contenedores o modificación del estado de runC antes de que el proceso sea totalmente ubicado dentro del contenedor. The runc component used by `docker exec` feature of docker allowed additional container processes to be ptraced by the pid 1 of the container. • http://rhn.redhat.com/errata/RHSA-2017-0116.html http://rhn.redhat.com/errata/RHSA-2017-0123.html http://rhn.redhat.com/errata/RHSA-2017-0127.html http://seclists.org/fulldisclosure/2017/Jan/21 http://seclists.org/fulldisclosure/2017/Jan/29 http://www.securityfocus.com/archive/1/540001/100/0/threaded http://www.securityfocus.com/bid/95361 https://access.redhat.com/security/vulnerabilities/cve-2016-9962 https://bugzilla.suse.com/show_bug.cgi?id=1012568#c6 https:// • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6595
https://notcve.org/view.php?id=CVE-2016-6595
The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to cause a denial of service (prevention of cluster joins) via a long sequence of join and quit actions. NOTE: the vendor disputes this issue, stating that this sequence is not "removing the state that is left by old nodes. At some point the manager obviously stops being able to accept new nodes, since it runs out of memory. Given that both for Docker swarm and for Docker Swarmkit nodes are *required* to provide a secret token (it's actually the only mode of operation), this means that no adversary can simply join nodes and exhaust manager resources. We can't do anything about a manager running out of memory and not being able to add new legitimate nodes to the system. • http://www.openwall.com/lists/oss-security/2016/08/04/1 http://www.openwall.com/lists/oss-security/2016/09/02/1 http://www.openwall.com/lists/oss-security/2016/09/02/8 http://www.securityfocus.com/bid/92195 http://www.securitytracker.com/id/1036548 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8867 – docker: Ambient capability usage in containers
https://notcve.org/view.php?id=CVE-2016-8867
Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mounted volumes. Docker Engine 1.12.2 habilitó capacidades ambientales con políticas de capacidad mal configuradas. Esto permitió a imágenes maliciosas eludir los permisos de usuario de acceso a archivos dentro del contenedor filesystem o volúmenes montados. The runc version as used in docker 1.12.2 was incorrectly setting ambient capabilities for all processes executed inside containers. • http://www.securityfocus.com/bid/94228 http://www.securitytracker.com/id/1037203 https://www.docker.com/docker-cve-database https://access.redhat.com/security/cve/CVE-2016-8867 https://bugzilla.redhat.com/show_bug.cgi?id=1390163 https://access.redhat.com/security/vulnerabilities/runc-regression-docker • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2016-3697 – docker: privilege escalation via confusion of usernames and UIDs
https://notcve.org/view.php?id=CVE-2016-3697
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container. libcontainer/user/user.go en runC en versiones anteriores a 0.1.0, tal como se utiliza en Docker en versiones anteriores a 1.11.2, trata indebidamente un UID numérico como un nombre de usuario potencial, lo que permite a usuarios locales obtener privilegios a través de un nombre de usuario numérico en el archivo password en un contenedor. It was found that Docker would launch containers under the specified UID instead of a username. An attacker able to launch a container could use this flaw to escalate their privileges to root within the launched container. • http://lists.opensuse.org/opensuse-updates/2016-05/msg00111.html http://rhn.redhat.com/errata/RHSA-2016-1034.html http://rhn.redhat.com/errata/RHSA-2016-2634.html https://github.com/docker/docker/issues/21436 https://github.com/opencontainers/runc/commit/69af385de62ea68e2e608335cffbb0f4aa3db091 https://github.com/opencontainers/runc/pull/708 https://github.com/opencontainers/runc/releases/tag/v0.1.0 https://security.gentoo.org/glsa/201612-28 https://access.redhat.com/security/cve/CVE- • CWE-264: Permissions, Privileges, and Access Controls •