CVE-2014-3499

Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

Published Bysecalert@redhat.com

Published DateJul 11, 2014, 14:55

Affected Versions(1)

github.com/docker/docker(Go)

Introduced0

Fixed1.0.1

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
github.com/docker/docker(Go)	0	1.0.1	N/A

Weakness Type (CWE):CWE-264

CVSS Metrics

Base Score

7.2

Vector String

AV:L/AC:L/Au:N/C:C/I:C/A:C

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

COMPLETE

Integrity (I)

COMPLETE

Availability (A)

COMPLETE

References

http://rhn.redhat.com/errata/RHSA-2014-0820.html
https://bugzilla.redhat.com/show_bug.cgi?id=1111687

Weakness Type (CWE):CWE-264

CVSS Metrics

Base Score

7.2

Vector String

AV:L/AC:L/Au:N/C:C/I:C/A:C

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

COMPLETE

Integrity (I)

COMPLETE

Availability (A)

COMPLETE