Privilege Escalation Vulnerability in Docker Engine by Docker, Inc.
CVE-2015-3627

Currently unrated

Key Information:

Vendor

Docker

Status
Libcontainer
Docker
Vendor
CVE Published:
18 May 2015

What is CVE-2015-3627?

The vulnerability in Docker Engine versions prior to 1.6.1 arises from improper handling of file descriptors passed to the pid-1 process. Specifically, the image's chroot is performed after the file descriptor is opened, which can be exploited through a symlink attack by local users. This flaw potentially allows these users to gain elevated privileges within the Docker container environment, posing significant security risks if left unaddressed.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://groups.google.com/forum/#%21searchin/docker-user/...
x_refsource_CONFIRM
http://seclists.org/fulldisclosure/2015/May/28
mailing-listx_refsource_FULLDISC
http://lists.opensuse.org/opensuse-updates/2015-05/msg000...
vendor-advisoryx_refsource_SUSE

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.