CVE-2014-6407
published 2014-12-12CVE-2014-6407: Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image…
PriorityP347high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
4.91%
91.0th percentile
Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | docker.io | < docker.io 1.3.2~dfsg1-1 (bookworm) | docker.io 1.3.2~dfsg1-1 (bookworm) |
| docker | docker | <= 1.3.1 | — |
| docker | docker | — | — |
| docker | docker | — | — |
| github.com | docker_docker | >= 0 < 1.3.2 | 1.3.2 |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH
vendor_debian7.5HIGH
vendor_msrc7.5HIGH
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Arbitrary Code Execution in Docker in github.com/docker/docker
osv·2024-08-21
CVE-2014-6407 Arbitrary Code Execution in Docker in github.com/docker/docker
Arbitrary Code Execution in Docker in github.com/docker/docker
Arbitrary Code Execution in Docker in github.com/docker/docker
OSV
Arbitrary Code Execution in Docker
osv·2022-02-15
CVE-2014-6407 [HIGH] Arbitrary Code Execution in Docker
Arbitrary Code Execution in Docker
Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.
GHSA
Arbitrary Code Execution in Docker
ghsa·2022-02-15
CVE-2014-6407 [HIGH] CWE-59 Arbitrary Code Execution in Docker
Arbitrary Code Execution in Docker
Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.
OSV
CVE-2014-6407: Docker before 1
osv·2014-12-12·CVSS 7.5
CVE-2014-6407 [HIGH] CVE-2014-6407: Docker before 1
Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.
Microsoft
CVE-2014-6407: NIST NVD Details: https://nvd
vendor_msrc·2021-07-13·CVSS 7.5
CVE-2014-6407 [HIGH] CVE-2014-6407: NIST NVD Details: https://nvd
NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2014-6407
Mariner: Mariner
[email protected]: [email protected]
Exploit Status: DOS:N/A
Remediation: moby-buildx
Red Hat
docker: directory traversal flaw in docker
vendor_redhat·2017-10-16·CVSS 7.5
CVE-2014-3605 [HIGH] docker: directory traversal flaw in docker
docker: directory traversal flaw in docker
[REJECTED CVE] Docker is vulnerable to directory traversal flaws. If a local user were to use a command, such as "docker pull", to install a docker container, a specially crafted tarball could lead to arbitrary files on the host being overwritten.
Statement: This flaw was found to be a duplicate of CVE-2014-6407. Please see https://access.redhat.com/security/cve/CVE-2014-6407 for information about affected products and security errata.
Package: docker (Red Hat Enterprise Linux 7) - Not affected
Red Hat
docker: symbolic and hardlink issues leading to privilege escalation
vendor_redhat·2014-11-24·CVSS 7.5
CVE-2014-6407 [HIGH] CWE-59 docker: symbolic and hardlink issues leading to privilege escalation
docker: symbolic and hardlink issues leading to privilege escalation
Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.
Statement: This issue affects the versions of Docker as shipped with Red Hat Enterprise Linux 7. However, this flaw is not known to be exploitable under any supported scenario. A future update may address this issue.
Red Hat does not support or recommend running untrusted images.
Debian
CVE-2014-6407: docker.io - Docker before 1.3.2 allows remote attackers to write to arbitrary files and exec...
vendor_debian·2014·CVSS 7.5
CVE-2014-6407 [HIGH] CVE-2014-6407: docker.io - Docker before 1.3.2 allows remote attackers to write to arbitrary files and exec...
Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.
Scope: local
bookworm: resolved (fixed in 1.3.2~dfsg1-1)
bullseye: resolved (fixed in 1.3.2~dfsg1-1)
forky: resolved (fixed in 1.3.2~dfsg1-1)
sid: resolved (fixed in 1.3.2~dfsg1-1)
trixie: resolved (fixed in 1.3.2~dfsg1-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-6408 CVE-2014-6407 docker-io: various flaws [epel-6]
bugzilla·2014-11-25·CVSS 7.5
CVE-2014-6408 [HIGH] CVE-2014-6408 CVE-2014-6407 docker-io: various flaws [epel-6]
CVE-2014-6408 CVE-2014-6407 docker-io: various flaws [epel-6]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-6 tracking bug for docker-io: see blocks bug list for full det
Bugzilla
CVE-2014-6408 CVE-2014-6407 docker-io: various flaws [fedora-all]
bugzilla·2014-11-25·CVSS 7.5
CVE-2014-6408 [HIGH] CVE-2014-6408 CVE-2014-6407 docker-io: various flaws [fedora-all]
CVE-2014-6408 CVE-2014-6407 docker-io: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. Whil
Bugzilla
CVE-2014-6407 docker: symbolic and hardlink issues leading to privilege escalation
bugzilla·2014-11-25·CVSS 7.5
CVE-2014-6407 [HIGH] CVE-2014-6407 docker: symbolic and hardlink issues leading to privilege escalation
CVE-2014-6407 docker: symbolic and hardlink issues leading to privilege escalation
The following flaw has been fixed in Docker 1.3.2:
""
The Docker engine, up to and including version 1.3.1, was vulnerable to
extracting files to arbitrary paths on the host during ‘docker pull’ and
‘docker load’ operations. This was caused by symlink and hardlink
traversals present in Docker's image extraction. This vulnerability could
be leveraged to perform remote code execution and privilege escalation.
Docker 1.3.2 remedies this vulnerability. Additional checks have been added
to pkg/archive and image extraction is now performed in a chroot. No
remediation is available for older versions of Docker and users are advised
to upgrade.
""
Acknowledgements:
Red Hat would like to thank the Docker project
http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145154.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-12/msg00009.htmlhttp://secunia.com/advisories/60171http://secunia.com/advisories/60241http://www.openwall.com/lists/oss-security/2014/11/24/5https://docs.docker.com/v1.3/release-notes/http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145154.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-12/msg00009.htmlhttp://secunia.com/advisories/60171http://secunia.com/advisories/60241http://www.openwall.com/lists/oss-security/2014/11/24/5https://docs.docker.com/v1.3/release-notes/
2014-12-12
Published