CVE-2014-6408

描述

Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image.

受影響套件(3)

• Debian/docker.iofrom 0, < 1.3.2~dfsg1-1
• Go/github.com/docker/docker>= 1.3.0, < 1.3.2
• Go/github.com/docker/docker>= 1.3.0, < 1.3.2

參考連結(11)

• ADVISORYhttps://github.com/advisories/GHSA-44gg-pmqr-4669
• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2014-6408
• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-6408
• WEBhttps://docs.docker.com/v1.3/release-notes
• WEBhttps://github.com/docker/docker/commit/c9379eb3fbbc484c056f5a5e49d8d0b755a29c45
• WEBhttps://lists.fedoraproject.org/pipermail/package-announce/2014-December/145154.html
• WEBhttps://lists.opensuse.org/opensuse-security-announce/2014-12/msg00009.html
• WEBhttps://secunia.com/advisories/60171
• WEBhttps://secunia.com/advisories/60241
• WEBhttps://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6408
• WEBhttps://www.openwall.com/lists/oss-security/2014/11/24/5