docker: CVE-2018-15664 #1965
Labels
security
Topic/issue involves a security issue/fixed
Comments
MingcongBai
added
security
|
Duplication with #1891. Closing. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE IDs: CVE-2018-15664
Descriptions:
The basic premise of this attack is that FollowSymlinkInScope suffers from a fairly fundamental TOCTOU attack. The purpose of FollowSymlinkInScope is to take a given path and safely resolve it as though the process was inside the container. After the full path has been resolved, the resolved path is passed around a bit and then operated on a bit later (in the case of 'docker cp' it is opened when creating the archive that is streamed to the client). If an attacker can add a symlink component to the path after the resolution but before it is operated on, then you could end up resolving the symlink path component on the host as root. In the case of 'docker cp' this gives you read and write access to any path on the host.
Patches: moby/moby#39252
PoC(s): https://bugzilla.suse.com/show_bug.cgi?id=1096726
Architectural progress:
amd64arm64armelThe text was updated successfully, but these errors were encountered: