CVE-2016-8867

docker: Ambient capability usage in containers

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mounted volumes.

Docker Engine 1.12.2 habilitó capacidades ambientales con políticas de capacidad mal configuradas. Esto permitió a imágenes maliciosas eludir los permisos de usuario de acceso a archivos dentro del contenedor filesystem o volúmenes montados.

The runc version as used in docker 1.12.2 was incorrectly setting ambient capabilities for all processes executed inside containers. This caused processes of non-root users to run with unexpected privileges, allowing them to escalate their privileges to root.

Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that runs virtually anywhere.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-10-21 CVE Reserved
2016-10-28 CVE Published
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-264: Permissions, Privileges, and Access Controls

CAPEC

References (6)

URL	Tag	Source
http://www.securityfocus.com/bid/94228	Third Party Advisory
http://www.securitytracker.com/id/1037203	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.docker.com/docker-cve-database	2017-07-28
https://access.redhat.com/security/cve/CVE-2016-8867	2020-06-23
https://bugzilla.redhat.com/show_bug.cgi?id=1390163	2020-06-23
https://access.redhat.com/security/vulnerabilities/runc-regression-docker	2020-06-23

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Docker Search vendor "Docker"		Docker Search vendor "Docker" for product "Docker"				1.12.2 Search vendor "Docker" for product "Docker" and version "1.12.2"		-		Affected