NVD

Id
25296  
Name
CVE-2015-3630  
Description
Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image.  
Reject
 
CVSS Version
2  
CVSS Score
7.2  
Severity
High  
CVSS Base Score
7.2  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
3.9  
CVSS Vector
(AV:L/AC:L/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-19  
Published
2015-05-18  
Modified Date
2017-01-02  
Seq
2015-3630  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
133850 25296 CVE-2015-3630 openSUSE-SU-2015:0905  View
133851 25296 CVE-2015-3630 http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html  View
133852 25296 CVE-2015-3630 20150508 Docker 1.6.1 - Security Advisory [150507]  View
133853 25296 CVE-2015-3630 74566  View
133854 25296 CVE-2015-3630 https://groups.google.com/forum/#!searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
7412 JVNDB-2015-002732 Docker Engine におけるホストを変更される脆弱性 Docker Engine は、(1) /proc/asound、(2) /proc/timer_stats、(3) /proc/latency_stats、および (4) /proc/fs に脆弱なパーミッションを使用するため、ホストを変更される、重要な情報を取得される、およびプロトコルのダウングレードを実行される脆弱性が存在します。 CVE-2015-3630 80855 CVE-2015-3630 25296 7.2 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-002732.html 2015-05-08 2015-05-20 View