PT-2015-6249 · Docker+2 · Docker Engine+3

Tõnis Tiigi · Published 2015-05-08 · Updated 2025-10-11 · CVE-2015-3629

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Docker Engine using Libcontainer version 1.6.0

Description

The issue allows local users to escape containerization and write to arbitrary files on the host system via a symlink attack in an image when respawning a container. This is due to a "mount namespace breakout" in Libcontainer.

Recommendations

For Docker Engine using Libcontainer version 1.6.0, consider restricting access to the container respawning functionality until a patch is available. As a temporary workaround, avoid using images that may be used for symlink attacks.

Fix

Weakness Enumeration

Link Following

Related identifiers

ALT-PU-2015-1429
CVE-2015-3629
GHSA-G44J-7VP3-68CV
GO-2022-0647
OPENSUSE-SU-2024:10532-1
OPENSUSE-SU-2025:15589-1
SUSE-SU-2015:0984-1
SUSE-SU-2025:03540-1
SUSE-SU-2025:03545-1

Affected products

Alt Linux
Docker Engine
Libcontainer
Suse