Vulnerability Description
Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary files on the host system via a symlink attack in an image when respawning a container.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Docker | Libcontainer | 1.6.0 |
| Opensuse | Opensuse | 13.2 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html (Mailing List, Third Party Advisory)
- http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Informat (Third Party Advisory, VDB Entry)
- http://seclists.org/fulldisclosure/2015/May/28 (Mailing List, Third Party Advisory)
- http://www.securityfocus.com/bid/74558 (Broken Link, Third Party Advisory, VDB Entry)
- https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZr (Permissions Required)
FAQ
What is CVE-2015-3629?
CVE-2015-3629 is a vulnerability with a CVSS score of 7.8 (HIGH). Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary files on the host system via a symlink attack in an image...
How severe is CVE-2015-3629?
CVE-2015-3629 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-3629?
Check the references section above for vendor advisories and patch information. Affected products include: Docker Libcontainer, Opensuse Opensuse.