Fluid Attacks Database

Description

Symlink Attack in Libcontainer and Docker Engine Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
go	github.com/docker/docker	>=0 <1.6.1	1.6.1
debian 12	docker.io	>=0 <1.6.1+dfsg1-1	1.6.1+dfsg1-1
debian 11	docker.io	>=0 <1.6.1+dfsg1-1	1.6.1+dfsg1-1
debian 13	docker.io	>=0 <1.6.1+dfsg1-1	1.6.1+dfsg1-1
debian 14	docker.io	>=0 <1.6.1+dfsg1-1	1.6.1+dfsg1-1

Aliases

1. CVE-2015-36272. NVD-2015-36273. OSV-2015-36274. OSV-DEBIAN-2015-36275. GCVE-2015-36276. SECURITY-TRACKER-CVE-2015-3627

References

1. https://github.com/docker/docker/commit/d5ebb60bddbabea0439213501f4f6ed494b23cba2. https://groups.google.com/forum/#!searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ3. https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ4. https://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html5. https://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html6. https://seclists.org/fulldisclosure/2015/May/28

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.