Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.2
CVSSv2

CVE-2018-15664

Published: 23/05/2019 Updated: 25/06/2019
CVSS v2 Base Score: 6.2 | Impact Score: 10 | Exploitability Score: 1.9
CVSS v3 Base Score: 7.5 | Impact Score: 6 | Exploitability Score: 0.8
VMScore: 554
Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C
Subscribe to Docker

Vulnerability Summary

In Docker up to and including 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot).

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

docker docker 17.06.2-ce

docker docker 17.07.0-ce

docker docker 17.06.0-ce

docker docker 17.09.0-ce

docker docker 17.09.1-ce-

docker docker 17.12.0-ce

docker docker 17.12.1-ce

docker docker 18.03.1-ce

docker docker 18.04.0-ce

docker docker 18.05.0-ce

docker docker 17.06.1-ce

docker docker 17.09.1-ce

docker docker 17.10.0-ce

docker docker 18.01.0-ce

docker docker 18.02.0-ce

docker docker 18.03.0-ce

docker docker 18.06.0-ce

docker docker 17.11.0-ce

docker docker 18.06.1-ce

Vendor Advisories

Red Hat: Moderate: docker security and bug fix update
Synopsis Moderate: docker security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for docker is now available for Red Hat Enterprise Linux 7 ExtrasRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVS ...
Debian CVElist Bug Report Logs: docker.io: CVE-2018-15664
Debian Bug report logs - #929662 dockerio: CVE-2018-15664 Package: src:dockerio; Maintainer for src:dockerio is Dmitry Smirnov <onlyjob@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 28 May 2019 04:48:02 UTC Severity: grave Tags: fixed-upstream, security, upstream Found in versions ...
Ubuntu Security Notice: Docker vulnerabilities
Docker could be made to overwrite files as the administrator ...
Amazon Linux AMI: ALAS-2019-1245
A flaw was discovered in the API endpoint behind the 'docker cp' command The endpoint is vulnerable to a Time Of Check to Time Of Use (TOCTOU) vulnerability in the way it handles symbolic links inside a container An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an admin ...
Amazon Linux 2: ALAS2DOCKER-2021-004
A flaw was discovered in the API endpoint behind the 'docker cp' command The endpoint is vulnerable to a Time Of Check to Time Of Use (TOCTOU) vulnerability in the way it handles symbolic links inside a container An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an admin ...
Amazon Linux 2: ALAS2NITRO-ENCLAVES-2021-004
A flaw was discovered in the API endpoint behind the 'docker cp' command The endpoint is vulnerable to a Time Of Check to Time Of Use (TOCTOU) vulnerability in the way it handles symbolic links inside a container An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an admin ...
Red Hat: CVE-2018-15664
Impact: Important Public Date: 2019-05-23 CWE: CWE-59->CWE-22 Bugzilla: 1714722: CVE-2018-15664 dock ...
Arch Linux Issues:
A race condition with symbolic links has been found in Docker, allowing read-write access to the host and guest file-systems ...

Mailing Lists

Full Disclosure: RE: CVE-2018-15664: docker (all versions) is vulnerable to a symlink-race attack
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> RE: CVE-2018-15664: docker (all versions) is vulnerable to a symlink-race attack <!--X-Subject-Header-End--> <!--X-Head-of-Mes ...

Recent Articles

Microsoft Patch Tuesday – July 2019
Symantec Threat Intelligence Blog • Ratheesh PM • 10 Jul 2024

This month the vendor has patched 77 vulnerabilities, 16 of which are rated Critical.

Posted: 10 Jul, 201922 Min ReadThreat Intelligence SubscribeFollowtwitterfacebooklinkedinMicrosoft Patch Tuesday – July 2019This month the vendor has patched 77 vulnerabilities, 16 of which are rated Critical.As always, customers are advised to follow these security best practices: Install vendor patches as soon as they are available. Run all software with the least privileges required while still maintaining functionality. Avoid h...

Read more...
It's 2019 and SQL Server can be pwned by an SQL query, DHCP failover server failed by a packet, Edge, IE by webpages...
The Register • Shaun Nichols in San Francisco • 10 Jul 2019

Meanwhile, Adobe gives Flash the month off. SAP emits fixes, though Huawei website ████ ██████ security flaws ██████ customer info and biz operations at risk: ███████ patched

Patch Tuesday Summer is now firmly upon us, and depending on where you are, the weather could be just about anything from stupidly hot to unbearably wet and cold right now given the state of the climate. Well, anyway, Microsoft, Adobe, and SAP have dropped the July editions of their monthly security updates, so there's at least one storm to weather. How's that for a silky smooth transition? For Microsoft, July brings fixes for a total of 78 CVE-listed vulnerabilities. Among the more serious flaw...

Read more...
Contain yourself, Docker: Race-condition bug puts host machines at risk... sometimes, ish
The Register • Shaun Nichols in San Francisco • 29 May 2019

Tricky to exploit in the real world, which is good because no official fix is available yet Docker made itself popular with devs. Now it has to make itself essential for biz. But how? Ah ha! Pay-as-you-go enterprise features

A vulnerability in all versions of Docker can be potentially exploited by miscreants to escape containers' security protections, and read and write data on host machines, possibly leading to code execution. This is according to senior SUSE software engineer Aleksa Sarai, who said the flaw is a race condition bug in which a file path is changed after it has been checked as valid, and, crucially, before it is used. The flaw, designated CVE-2018-15664, can be, in certain circumstances, abused to re...

Read more...

References

CWE-362https://github.com/moby/moby/pull/39252https://bugzilla.suse.com/show_bug.cgi?id=1096726http://www.openwall.com/lists/oss-security/2019/05/28/1http://www.securityfocus.com/bid/108507https://access.redhat.com/security/cve/cve-2018-15664http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00066.htmlhttps://usn.ubuntu.com/4048-1/https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-15664https://access.redhat.com/errata/RHSA-2019:1910http://www.openwall.com/lists/oss-security/2019/08/21/1http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.htmlhttps://access.redhat.com/errata/RHSA-2019:1910https://nvd.nist.govhttps://usn.ubuntu.com/4048-1/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32744privilege escalationCVE-2024-30253CVE-2024-3914cross-site scriptingCVE-2024-31497CVE-2024-3400CVE-2024-32341hardcoded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook