CVE-2016-3697
docker: privilege escalation via confusion of usernames and UIDs
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.
libcontainer/user/user.go en runC en versiones anteriores a 0.1.0, tal como se utiliza en Docker en versiones anteriores a 1.11.2, trata indebidamente un UID numérico como un nombre de usuario potencial, lo que permite a usuarios locales obtener privilegios a través de un nombre de usuario numérico en el archivo password en un contenedor.
It was found that Docker would launch containers under the specified UID instead of a username. An attacker able to launch a container could use this flaw to escalate their privileges to root within the launched container.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-03-30 CVE Reserved
- 2016-05-13 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (10)
URL | Tag | Source |
---|---|---|
https://github.com/opencontainers/runc/commit/69af385de62ea68e2e608335cffbb0f4aa3db091 | Third Party Advisory | |
https://github.com/opencontainers/runc/pull/708 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://github.com/docker/docker/issues/21436 | 2021-01-05 | |
https://github.com/opencontainers/runc/releases/tag/v0.1.0 | 2021-01-05 |
URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-updates/2016-05/msg00111.html | 2021-01-05 | |
http://rhn.redhat.com/errata/RHSA-2016-1034.html | 2021-01-05 | |
http://rhn.redhat.com/errata/RHSA-2016-2634.html | 2021-01-05 | |
https://security.gentoo.org/glsa/201612-28 | 2021-01-05 | |
https://access.redhat.com/security/cve/CVE-2016-3697 | 2016-11-03 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1329450 | 2016-11-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Docker Search vendor "Docker" | Docker Search vendor "Docker" for product "Docker" | <= 1.11.1 Search vendor "Docker" for product "Docker" and version " <= 1.11.1" | - |
Affected
| ||||||
Linuxfoundation Search vendor "Linuxfoundation" | Runc Search vendor "Linuxfoundation" for product "Runc" | <= 0.0.9 Search vendor "Linuxfoundation" for product "Runc" and version " <= 0.0.9" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 13.2 Search vendor "Opensuse" for product "Opensuse" and version "13.2" | - |
Affected
|