Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv2

CVE-2015-3627

Published: 18/05/2015 Updated: 07/11/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Docker

Vulnerability Summary

Libcontainer and Docker Engine prior to 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

docker libcontainer

docker docker

Vendor Advisories

Debian CVElist Bug Report Logs: docker.io: CVE-2015-3627 CVE-2015-3629 CVE-2015-3630 CVE-2015-3631
Debian Bug report logs - #784726 dockerio: CVE-2015-3627 CVE-2015-3629 CVE-2015-3630 CVE-2015-3631 Package: src:dockerio; Maintainer for src:dockerio is Dmitry Smirnov <onlyjob@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 8 May 2015 04:57:01 UTC Severity: grave Tags: fixed-upstrea ...
Amazon Linux AMI: ALAS-2015-522
The file-descriptor passed by libcontainer to the pid-1 process of a container has been found to be opened prior to performing the chroot, allowing insecure open and symlink traversal This allows malicious container images to trigger a local privilege escalation (CVE-2015-3627) Libcontainer version 160 introduced changes which facilitated a mou ...
Red Hat: CVE-2015-3627
Libcontainer and Docker Engine before 161 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image ...

Github Repositories

https://github.com/k4lii/report-cve

Description CVE info extractor: use NVD CPE api to retrieve CVES(by using version number, product name) and use openCVE api to fetch CVE details (OpenCVE is faster than NVD Api but dont provide products version number researsh) Volumes /CVE_extractor/OPSToolsjson:/home/OPSToolsjson /CVE_extractor/configjson:/home/configjson confi

References

CWE-59http://seclists.org/fulldisclosure/2015/May/28http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.htmlhttp://lists.opensuse.org/opensuse-updates/2015-05/msg00023.htmlhttps://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784726https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2015-3627https://alas.aws.amazon.com/ALAS-2015-522.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook