Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9357

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2014-9357
Last Modified 30 Dec 2014 02:33:01
Published 16 Dec 2014 01:59:15
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-9357

Summary

Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction.

Vulnerable Systems

Application

  • Docker 1.3.2


References

CONFIRM - https://groups.google.com/forum/#!msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ

BUGTRAQ - 20141212 Docker 1.3.3 - Security Advisory [11 Dec 2014]


Last Updated: 27 May 2016 11:07:18