CVE-2015-3629
published 2015-05-18CVE-2015-3629: Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the…
PriorityP335high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.60%
44.4th percentile
Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | docker.io | < docker.io 1.6.1+dfsg1-1 (bookworm) | docker.io 1.6.1+dfsg1-1 (bookworm) |
| docker | libcontainer | — | — |
| github.com | docker_docker | >= 1.6.0 < 1.6.1 | 1.6.1 |
| opensuse | opensuse | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
osv7.8HIGH
vendor_debian7.8HIGH
vendor_redhat7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
docker: symlink traversal on container respawn allows local privilege escalation
vendor_redhat·2015-05-07·CVSS 7.8
CVE-2015-3629 [HIGH] CWE-22 docker: symlink traversal on container respawn allows local privilege escalation
docker: symlink traversal on container respawn allows local privilege escalation
Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.
Debian
CVE-2015-3629: docker.io - Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape conta...
vendor_debian·2015·CVSS 7.8
CVE-2015-3629 [HIGH] CVE-2015-3629: docker.io - Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape conta...
Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.
Scope: local
bookworm: resolved (fixed in 1.6.1+dfsg1-1)
bullseye: resolved (fixed in 1.6.1+dfsg1-1)
forky: resolved (fixed in 1.6.1+dfsg1-1)
sid: resolved (fixed in 1.6.1+dfsg1-1)
trixie: resolved (fixed in 1.6.1+dfsg1-1)
OSV
Arbitrary File Write in Libcontainer in github.com/docker/docker
osv·2024-08-21
CVE-2015-3629 Arbitrary File Write in Libcontainer in github.com/docker/docker
Arbitrary File Write in Libcontainer in github.com/docker/docker
Arbitrary File Write in Libcontainer in github.com/docker/docker
GHSA
Arbitrary File Write in Libcontainer
ghsa·2022-02-15
CVE-2015-3629 [HIGH] CWE-59 Arbitrary File Write in Libcontainer
Arbitrary File Write in Libcontainer
Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.
OSV
Arbitrary File Write in Libcontainer
osv·2022-02-15
CVE-2015-3629 [HIGH] Arbitrary File Write in Libcontainer
Arbitrary File Write in Libcontainer
Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.
OSV
CVE-2015-3629: Libcontainer 1
osv·2015-05-18·CVSS 7.8
CVE-2015-3629 [HIGH] CVE-2015-3629: Libcontainer 1
Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-3629 docker-io: docker: symlink traversal on container respawn allows local privilege escalation [fedora-all]
bugzilla·2015-05-08·CVSS 7.8
CVE-2015-3629 [HIGH] CVE-2015-3629 docker-io: docker: symlink traversal on container respawn allows local privilege escalation [fedora-all]
CVE-2015-3629 docker-io: docker: symlink traversal on container respawn allows local privilege escalation [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issu
Bugzilla
CVE-2015-3629 docker-io: docker: symlink traversal on container respawn allows local privilege escalation [epel-6]
bugzilla·2015-05-08·CVSS 7.8
CVE-2015-3629 [HIGH] CVE-2015-3629 docker-io: docker: symlink traversal on container respawn allows local privilege escalation [epel-6]
CVE-2015-3629 docker-io: docker: symlink traversal on container respawn allows local privilege escalation [epel-6]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-6 trackin
Bugzilla
CVE-2015-3629 docker: symlink traversal on container respawn allows local privilege escalation
bugzilla·2015-05-06·CVSS 7.8
CVE-2015-3629 [HIGH] CVE-2015-3629 docker: symlink traversal on container respawn allows local privilege escalation
CVE-2015-3629 docker: symlink traversal on container respawn allows local privilege escalation
The following flaw was reported in Docker:
Libcontainer version 1.6.0 introduced changes which facilitated a mount namespace breakout upon respawn of a container. This allowed malicious images to write files to the host system and escape containerization.
Libcontainer and Docker Engine 1.6.1 address this vulnerability.
Acknowledgements:
Red Hat would like to thank Eric Windisch of the Docker project for reporting this issue.
Discussion:
This issue is exploitable by malicious Docker images. Red Hat supports images from it's own registry, ISV images certified by the Red Hat certification program, and images using qualified customer content.
---
Created docker-io tracking bugs for this issu
CWE
Improper Link Resolution Before File Access ('Link Following')
mitre_cwe
CWE-59 Improper Link Resolution Before File Access ('Link Following')
CWE-59: Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Background: Soft links are a UNIX term that is synonymous with simple shortcuts on Windows-based platforms.
Modes of Introduction:
Phase: Implementation
Note: REALIZATION: This weakness is caused during implementation of an architectural security tactic.
Common Consequences:
Scope: Confidentiality, Integrity, Access Control. Impact: Read Files or Directories, Modify Files or Directories, Bypass Protection Mechanism. An attacker may be able to traverse the file system to unintended locations and read or overwrite the contents of unexpe
CWE
UNIX Symbolic Link (Symlink) Following
mitre_cwe
CWE-61 UNIX Symbolic Link (Symlink) Following
CWE-61: UNIX Symbolic Link (Symlink) Following
The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.
A product that allows UNIX symbolic links (symlink) as part of paths whether in internal code or through user input can allow an attacker to spoof the symbolic link and traverse the file system to unintended locations or access arbitrary files. The symbolic link can permit an attacker to read/write/corrupt a file that they originally did not have permissions to access.
Modes of Introduction:
Phase: Implementation
Note: These are typically reported for temporary files or privileged
http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.htmlhttp://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.htmlhttp://seclists.org/fulldisclosure/2015/May/28http://www.securityfocus.com/bid/74558https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJhttp://lists.opensuse.org/opensuse-updates/2015-05/msg00023.htmlhttp://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.htmlhttp://seclists.org/fulldisclosure/2015/May/28http://www.securityfocus.com/bid/74558https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ
2015-05-18
Published