Docker Local Privilege Escalation Vulnerability (CVE-2014-3499)
Release date:
Updated on:
Affected Systems:
Docker
Description:
--------------------------------------------------------------------------------
Bugtraq id: 68303
CVE (CAN) ID: CVE-2014-3499
Docker is a service on Linux that provides container management.
The socket used to manage Docker services is globally readable and writable. Local Users can exploit this vulnerability to escalate their permissions to root.
<* Source: Jon Stanley
Link: https://bugzilla.redhat.com/show_bug.cgi? Id = 1111687
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Docker
------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://www.docker.com/
New virtualization options for the open-source project Docker and Red Hat
Dockerlite: lightweight Linux Virtualization
Detailed explanation of the entire process of building Gitlab CI for Docker
What is the difference between Docker and a normal Virtual Machine?
Use MySQL in Docker
Docker will change everything
Official version of Docker 1.0 is released and downloaded