CVE-2014-3499 – docker: systemd socket activation results in privilege escalation

https://notcve.org/view.php?id=CVE-2014-3499

01 Jul 2014 — Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors. Docker 1.0.0 utiliza permisos de lectura universal y escritura universal en el socket de gestión, lo que permite a usuarios locales ganar privilegios a través de vectores no especificados. Docker is a service providing container management on Linux. It was found that the socket used to manage the Docker service was world readable and writable. A local... • http://rhn.redhat.com/errata/RHSA-2014-0820.html • CWE-264: Permissions, Privileges, and Access Controls CWE-266: Incorrect Privilege Assignment •