Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2021-21284

Опубликовано: 02 фев. 2021
Источник: debian

Описание

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/<remapping>" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
docker.iofixed20.10.3+dfsg1-1package

Примечания

  • https://github.com/moby/moby/security/advisories/GHSA-7452-xqpj-6rpc

  • https://github.com/moby/moby/commit/1342c51d5e809d2994e6f7e490c8d2b3b12c28ae (v19.03)

  • https://github.com/moby/moby/commit/5eff67a2c294b7e72607e0949ebc0de21710e4d3 (v19.03)

  • https://github.com/moby/moby/commit/67de83e70bca92ae6a08e28a03b3fc8fcca9f3f1 (v19.03)

Связанные уязвимости

ubuntu логотип

CVE-2021-21284

CVSS3: 6.8
ubuntu
около 5 лет назад

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/<remapping>" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.

redhat логотип

CVE-2021-21284

CVSS3: 6
redhat
около 5 лет назад

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/<remapping>" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.

nvd логотип

CVE-2021-21284

CVSS3: 6.8
nvd
около 5 лет назад

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/<remapping>" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.

msrc логотип

CVE-2021-21284

CVSS3: 6.8
msrc
больше 4 лет назад

Описание отсутствует

github логотип

GHSA-7452-xqpj-6rpc

CVSS3: 6.8
github
около 2 лет назад

moby Access to remapped root allows privilege escalation to real root