Описание
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.
It was found that Docker would launch containers under the specified UID instead of a username. An attacker able to launch a container could use this flaw to escalate their privileges to root within the launched container.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Enterprise 3 | Security | Affected | ||
| Red Hat Enterprise Linux 7 Extras | docker | Fixed | RHSA-2016:1034 | 12.05.2016 |
| Red Hat Enterprise Linux 7 Extras | docker | Fixed | RHSA-2016:2634 | 03.11.2016 |
Показывать по
Дополнительная информация
Статус:
EPSS
6 Medium
CVSS2
Связанные уязвимости
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.
libcontainer/user/user.go in runC before 0.1.0, as used in Docker befo ...
EPSS
6 Medium
CVSS2