6.4

CVE-2016-9962

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container.  This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DockerDocker Version >= 1.11.0 < 1.12.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.38% 0.297
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.4 0.5 5.9
CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.4 3.4 6.4
AV:L/AC:M/Au:N/C:P/I:P/A:P
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

http://rhn.redhat.com/errata/RHSA-2017-0116.html
http://rhn.redhat.com/errata/RHSA-2017-0123.html
http://rhn.redhat.com/errata/RHSA-2017-0127.html
http://seclists.org/fulldisclosure/2017/Jan/21
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2017/Jan/29
Third Party Advisory
Mailing List
http://www.securityfocus.com/archive/1/540001/100/0/threaded
http://www.securityfocus.com/bid/95361
Third Party Advisory
VDB Entry
https://access.redhat.com/security/vulnerabilities/cve-2016-9962
Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1012568#c6
Issue Tracking
https://github.com/docker/docker/releases/tag/v1.12.6
Vendor Advisory
https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5
Patch
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQAXJMMLRU7DD2IMG47SR2K4BOFFG7FZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FINGBFMIXBG6B6ZWYH3TMRP5V3PDBNXR/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UVM7FCOQMPKOFLDTUYSS4ES76DDM56VP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WUQ3MQNEL5IBZZLMLR72Q4YDCL2SCKRK/
https://security.gentoo.org/glsa/201701-34
Third Party Advisory