SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    Unpatched Flaw Affects All Docker Versions, Exploits Ready
Date    Wednesday May 29 2019, @11:07PM
Author    martyb
Topic   
from the what-to-do-now? dept.
https://soylentnews.org/article.pl?sid=19/05/29/1839201

Fnord666 writes:

All versions of Docker are currently vulnerable to a race condition that could give an attacker both read and write access to any file on the host system. Proof-of-concept code has been released.

The flaw is similar to CVE-2018-15664 and it offers a window of opportunity for hackers to modify resource paths after resolution but before the assigned program starts operating on the resource. This is known as a time-to-check-time-to-use (TOCTOU) type of bug.

Source:
https://www.bleepingcomputer.com/news/security/unpatched-flaw-affects-all-docker-versions-exploits-ready/

Original Submission

Links
  1. "Fnord666" - https://soylentnews.org/~Fnord666/
  2. "CVE-2018-15664" - https://nvd.nist.gov/vuln/detail/CVE-2018-15664
  3. "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=34086
© Copyright 2023 - SoylentNews, All Rights Reserved

printed from SoylentNews, Unpatched Flaw Affects All Docker Versions, Exploits Ready on 2023-06-18 07:42:18