Stories
Slash Boxes
Comments

SoylentNews is people

Unpatched Flaw Affects All Docker Versions, Exploits Ready

posted by martyb on Wednesday May 29 2019, @11:07PM   Printer-friendly
from the what-to-do-now? dept.

Fnord666 writes:

All versions of Docker are currently vulnerable to a race condition that could give an attacker both read and write access to any file on the host system. Proof-of-concept code has been released.

The flaw is similar to CVE-2018-15664 and it offers a window of opportunity for hackers to modify resource paths after resolution but before the assigned program starts operating on the resource. This is known as a time-to-check-time-to-use (TOCTOU) type of bug.

Source:
https://www.bleepingcomputer.com/news/security/unpatched-flaw-affects-all-docker-versions-exploits-ready/

Original Submission

 
This discussion has been archived. No new comments can be posted.
Unpatched Flaw Affects All Docker Versions, Exploits Ready | Log In/Create an Account | Top | 15 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 5, Insightful) by epitaxial on Thursday May 30 2019, @03:15AM

    by epitaxial (3165) on Thursday May 30 2019, @03:15AM (#849178)

    Lazy coders use them to distribute their bullshit projects. Here take this untrusted filesystem image and mount it. Nothing bad will ever happen.

    Starting Score:    1  point
    Moderation   +3  
       Insightful=2, Informative=1, Total=3
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   5