CVE-2015-3627
https://notcve.org/view.php?id=CVE-2015-3627
Libcontainer and Docker Engine before 1.6.1 open the file descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.
• http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html
• http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html
• http://seclists.org/fulldisclosure/2015/May/28
• https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ
• CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2015-3629
https://notcve.org/view.php?id=CVE-2015-3629
Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary files on the host system via a symlink attack in an image when respawning a container.
• http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html
• http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html
• http://seclists.org/fulldisclosure/2015/May/28
• http://www.securityfocus.com/bid/74558
• https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ
• CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2015-3630
https://notcve.org/view.php?id=CVE-2015-3630
Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image.
• http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html
• http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html
• http://seclists.org/fulldisclosure/2015/May/28
• http://www.securityfocus.com/bid/74566
• https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2015-3631
https://notcve.org/view.php?id=CVE-2015-3631
Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc.
• http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html
• http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html
• http://seclists.org/fulldisclosure/2015/May/28
• https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-9357 – docker: Escalation of privileges during decompression of LZMA archives
https://notcve.org/view.php?id=CVE-2014-9357
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction.
A flaw was found in the way the Docker service unpacked images or builds after a "docker pull". An attacker could use this flaw to provide a malicious image or build that, when unpacked, would escalate their privileges on the system.
• http://www.securityfocus.com/archive/1/534215/100/0/threaded
• https://groups.google.com/forum/#%21msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ
• https://access.redhat.com/security/cve/CVE-2014-9357
• https://bugzilla.redhat.com/show_bug.cgi?id=1172782
• CWE-264: Permissions, Privileges, and Access Controls