Fluid Attacks Database

Description

Arbitrary File Write in Libcontainer Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
go	github.com/docker/docker	>=1.6.0 <1.6.1	1.6.1
debian 13	docker.io	>=0 <1.6.1+dfsg1-1	1.6.1+dfsg1-1
debian 11	docker.io	>=0 <1.6.1+dfsg1-1	1.6.1+dfsg1-1
debian 12	docker.io	>=0 <1.6.1+dfsg1-1	1.6.1+dfsg1-1
debian 14	docker.io	>=0 <1.6.1+dfsg1-1	1.6.1+dfsg1-1

Aliases

1. CVE-2015-36292. NVD-2015-36293. OSV-2015-36294. OSV-DEBIAN-2015-36295. GCVE-2015-36296. SECURITY-TRACKER-CVE-2015-3629

References

1. https://github.com/docker/docker/commit/d5ebb60bddbabea0439213501f4f6ed494b23cba2. https://groups.google.com/forum/#!searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ3. https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ4. https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-36295. http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html6. http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html7. http://seclists.org/fulldisclosure/2015/May/288. http://www.securityfocus.com/bid/74558