CVE-2015-3629

Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
VendorProductVersion
dockerlibcontainer
1.6.0
opensuseopensuse
13.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
docker.io
bullseye
20.10.5+dfsg1-1+deb11u2
fixed
bullseye (security)
20.10.5+dfsg1-1+deb11u3
fixed
bookworm
20.10.24+dfsg1-1
fixed
sid
26.1.5+dfsg1-4
fixed
trixie
26.1.5+dfsg1-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
docker.io
zesty
not-affected
yakkety
ignored
xenial
Fixed 1.6.2~dfsg1-1ubuntu4
released
wily
ignored
vivid
ignored
utopic
ignored
trusty
Fixed 1.6.2~dfsg1-1ubuntu4~14.04.1
released
precise
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html
http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html
http://seclists.org/fulldisclosure/2015/May/28
http://www.securityfocus.com/bid/74558
https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ
http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html
http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html
http://seclists.org/fulldisclosure/2015/May/28
http://www.securityfocus.com/bid/74558
https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ