exploitDog

CVE-2016-8867

Published: 28 Oct 2016
Source: debian

Description

Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mounted volumes.

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| docker.io | not-affected | | | package |
| runc | not-affected | | | package |

Notes

  • https://github.com/docker/docker/issues/27590

  • docker: https://github.com/docker/docker/pull/27610/commits/d60a3418d0268745dff38947bc8c929fbd24f837 (1.12.3)

  • runc: https://github.com/opencontainers/runc/commit/a83f5bac28554fa0fd49bc1559a3c79f5907348f

  • docker.io not directly affected but will need to be updated to include new runc version

  • runc: "ambient capabilities" functionality added upstream with https://github.com/opencontainers/runc/pull/1086 and later changes.

  • The actual fix seems to be to revert the commit which introduced ambient capabilities in runc.

Related vulnerabilities

CVSS3: 7.5
redhat
more than 9 years ago

Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mounted volumes.

CVSS3: 7.5
nvd
more than 9 years ago

Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mounted volumes.

suse-cvrf
about 9 years ago

Security update for containerd, docker, runc

suse-cvrf
about 9 years ago

Security update for Docker and dependencies

suse-cvrf
4 months ago

Security update for docker-stable