Docker < 1.6.1 Multiple Vulnerabilities
Information
Severity
Family
CVSSv2 Base
CVSSv2 Vector
Solution Type
Created
Modified
Summary
Docker is prone to multiple vulnerabilities.
Insight
The following vulnerabilities exist:
- CVE-2015-3627: Docker opens the file descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.
- CVE-2015-3629: Docker allows local users to escape containerization ('mount namespace breakout') and write to arbitrary files on the host system via a symlink attack in an image when respawning a container.
- CVE-2015-3630: Docker uses weak permissions for /proc/asound, /proc/timer_stats, /proc/latency_stats, and /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image.
- CVE-2015-3631: Docker allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc.
Affected Software
Docker through version 1.6.0.
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Update to version 1.6.1 or later.