CVE-2014-6407

Опубликовано: 24 нояб. 2014

Источник: redhat

CVSS2: 3.7

Описание

Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.

Отчет

This issue affects the versions of Docker as shipped with Red Hat Enterprise Linux 7. However, this flaw is not known to be exploitable under any supported scenario. A future update may address this issue. Red Hat does not support or recommend running untrusted images.

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-59

https://bugzilla.redhat.com/show_bug.cgi?id=1167505docker: symbolic and hardlink issues leading to privilege escalation

3.7 Low

CVSS2

Связанные уязвимости

CVE-2014-6407

ubuntu

около 11 лет назад

Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.

CVE-2014-6407

nvd

около 11 лет назад

Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.

CVE-2014-6407

msrc

больше 4 лет назад

Описание отсутствует

CVE-2014-6407

debian

около 11 лет назад

Docker before 1.3.2 allows remote attackers to write to arbitrary file ...

GHSA-5qgp-p5jc-w2rm

CVSS3: 7.3

github

почти 4 года назад

Arbitrary Code Execution in Docker

3.7 Low

CVSS2