Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-16539

Опубликовано: 03 нояб. 2017
Источник: redhat
CVSS3: 7.5

Описание

The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a "scsi remove-single-device" line to /proc/scsi/scsi, aka SCSI MICDROP.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 7dockerNot affected
Red Hat Enterprise Linux 7docker-latestNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1516205docker: The DefaultLinuxSpec function does not block /proc/scsi pathnames

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-16539

CVSS3: 5.9
ubuntu
больше 8 лет назад

The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a "scsi remove-single-device" line to /proc/scsi/scsi, aka SCSI MICDROP.

nvd логотип

CVE-2017-16539

CVSS3: 5.9
nvd
больше 8 лет назад

The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a "scsi remove-single-device" line to /proc/scsi/scsi, aka SCSI MICDROP.

debian логотип

CVE-2017-16539

CVSS3: 5.9
debian
больше 8 лет назад

The DefaultLinuxSpec function in oci/defaults.go in Docker Moby throug ...

github логотип

GHSA-vfjc-2qcw-j95j

CVSS3: 5.9
github
больше 3 лет назад

The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a "scsi remove-single-device" line to /proc/scsi/scsi, aka SCSI MICDROP.

suse-cvrf логотип

openSUSE-SU-2018:0406-1

suse-cvrf
почти 8 лет назад

Security update for docker, docker-runc, containerd, golang-github-docker-libnetwork

7.5 High

CVSS3