Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-15664 (GCVE-0-2018-15664)
Vulnerability from cvelistv5 – Published: 2019-05-23 13:58 – Updated: 2024-08-05 10:01
VLAI?
EPSS
Summary
In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1096726"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/moby/moby/pull/39252"
},
{
"name": "[oss-security] 20190528 CVE-2018-15664: docker (all versions) is vulnerable to a symlink-race attack",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/05/28/1"
},
{
"name": "108507",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108507"
},
{
"name": "openSUSE-SU-2019:1621",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00066.html"
},
{
"name": "USN-4048-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4048-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-15664"
},
{
"name": "RHSA-2019:1910",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1910"
},
{
"name": "[oss-security] 20190821 RE: CVE-2018-15664: docker (all versions) is vulnerable to a symlink-race attack",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/08/21/1"
},
{
"name": "openSUSE-SU-2019:2044",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-05-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Docker through 18.06.1-ce-rc2, the API endpoints behind the \u0027docker cp\u0027 command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-01T23:06:07.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1096726"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/moby/moby/pull/39252"
},
{
"name": "[oss-security] 20190528 CVE-2018-15664: docker (all versions) is vulnerable to a symlink-race attack",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/05/28/1"
},
{
"name": "108507",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108507"
},
{
"name": "openSUSE-SU-2019:1621",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00066.html"
},
{
"name": "USN-4048-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4048-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-15664"
},
{
"name": "RHSA-2019:1910",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1910"
},
{
"name": "[oss-security] 20190821 RE: CVE-2018-15664: docker (all versions) is vulnerable to a symlink-race attack",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/08/21/1"
},
{
"name": "openSUSE-SU-2019:2044",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Docker through 18.06.1-ce-rc2, the API endpoints behind the \u0027docker cp\u0027 command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1096726",
"refsource": "MISC",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1096726"
},
{
"name": "https://github.com/moby/moby/pull/39252",
"refsource": "MISC",
"url": "https://github.com/moby/moby/pull/39252"
},
{
"name": "[oss-security] 20190528 CVE-2018-15664: docker (all versions) is vulnerable to a symlink-race attack",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/05/28/1"
},
{
"name": "108507",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108507"
},
{
"name": "openSUSE-SU-2019:1621",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00066.html"
},
{
"name": "USN-4048-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4048-1/"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-15664",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-15664"
},
{
"name": "RHSA-2019:1910",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1910"
},
{
"name": "[oss-security] 20190821 RE: CVE-2018-15664: docker (all versions) is vulnerable to a symlink-race attack",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/08/21/1"
},
{
"name": "openSUSE-SU-2019:2044",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15664",
"datePublished": "2019-05-23T13:58:37.000Z",
"dateReserved": "2018-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:01:54.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CNVD-2019-16272
Vulnerability from cnvd - Published: 2019-06-03
VLAI Severity ?
Title
Docker API端点路径遍历漏洞
Description
Docker是美国Docker公司的一款开源的应用容器引擎。
Docker API端点存在路径遍历漏洞,允许远程攻击者利用漏洞提交特殊的请求,在应用程序上下文读取系统文件。
Severity
高
Patch Name
Docker API端点路径遍历漏洞的补丁
Patch Description
Docker是美国Docker公司的一款开源的应用容器引擎。
Docker API端点存在路径遍历漏洞,允许远程攻击者利用漏洞提交特殊的请求,在应用程序上下文读取系统文件。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可参考如下厂商提供的安全补丁以修复该漏洞: https://www.docker.com/
Reference
https://web.nvd.nist.gov//vuln/detail/CVE-2018-15664
Impacted products
| Name | Docker Docker <=18.06.1-ce-rc2 |
|---|
{
"bids": {
"bid": {
"bidNumber": "108507"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2018-15664",
"cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15664"
}
},
"description": "Docker\u662f\u7f8e\u56fdDocker\u516c\u53f8\u7684\u4e00\u6b3e\u5f00\u6e90\u7684\u5e94\u7528\u5bb9\u5668\u5f15\u64ce\u3002\n\nDocker API\u7aef\u70b9\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u5728\u5e94\u7528\u7a0b\u5e8f\u4e0a\u4e0b\u6587\u8bfb\u53d6\u7cfb\u7edf\u6587\u4ef6\u3002",
"discovererName": "Aleksa Sarai",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://www.docker.com/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-16272",
"openTime": "2019-06-03",
"patchDescription": "Docker\u662f\u7f8e\u56fdDocker\u516c\u53f8\u7684\u4e00\u6b3e\u5f00\u6e90\u7684\u5e94\u7528\u5bb9\u5668\u5f15\u64ce\u3002\r\n\r\nDocker API\u7aef\u70b9\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u5728\u5e94\u7528\u7a0b\u5e8f\u4e0a\u4e0b\u6587\u8bfb\u53d6\u7cfb\u7edf\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Docker API\u7aef\u70b9\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Docker Docker \u003c=18.06.1-ce-rc2"
},
"referenceLink": "https://web.nvd.nist.gov//vuln/detail/CVE-2018-15664",
"serverity": "\u9ad8",
"submitTime": "2019-05-23",
"title": "Docker API\u7aef\u70b9\u8def\u5f84\u904d\u5386\u6f0f\u6d1e"
}
GSD-2018-15664
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot).
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-15664",
"description": "In Docker through 18.06.1-ce-rc2, the API endpoints behind the \u0027docker cp\u0027 command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot).",
"id": "GSD-2018-15664",
"references": [
"https://www.suse.com/security/cve/CVE-2018-15664.html",
"https://access.redhat.com/errata/RHSA-2019:1910",
"https://ubuntu.com/security/CVE-2018-15664",
"https://security.archlinux.org/CVE-2018-15664",
"https://alas.aws.amazon.com/cve/html/CVE-2018-15664.html",
"https://linux.oracle.com/cve/CVE-2018-15664.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-15664"
],
"details": "In Docker through 18.06.1-ce-rc2, the API endpoints behind the \u0027docker cp\u0027 command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot).",
"id": "GSD-2018-15664",
"modified": "2023-12-13T01:22:23.643441Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Docker through 18.06.1-ce-rc2, the API endpoints behind the \u0027docker cp\u0027 command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1096726",
"refsource": "MISC",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1096726"
},
{
"name": "https://github.com/moby/moby/pull/39252",
"refsource": "MISC",
"url": "https://github.com/moby/moby/pull/39252"
},
{
"name": "[oss-security] 20190528 CVE-2018-15664: docker (all versions) is vulnerable to a symlink-race attack",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/05/28/1"
},
{
"name": "108507",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108507"
},
{
"name": "openSUSE-SU-2019:1621",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00066.html"
},
{
"name": "USN-4048-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4048-1/"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-15664",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-15664"
},
{
"name": "RHSA-2019:1910",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1910"
},
{
"name": "[oss-security] 20190821 RE: CVE-2018-15664: docker (all versions) is vulnerable to a symlink-race attack",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/08/21/1"
},
{
"name": "openSUSE-SU-2019:2044",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.06.2-ce:rc1:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.06.2-ce:*:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.07.0-ce:rc1:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.06.0-ce:rc3:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.06.0-ce:rc4:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.06.0-ce:rc5:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.06.0-ce:*:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.09.0-ce:rc2:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.09.0-ce:rc3:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.09.0-ce:*:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.09.1-ce-:rc1:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.12.0-ce:*:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.12.1-ce:rc1:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.12.1-ce:rc2:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.12.1-ce:*:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:18.03.1-ce:*:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:18.04.0-ce:rc1:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:18.04.0-ce:rc2:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:18.04.0-ce:*:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:18.05.0-ce:rc1:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.06.0-ce:rc1:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.06.1-ce:rc1:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.06.1-ce:rc3:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.07.0-ce:rc4:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.09.0-ce:rc1:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.09.1-ce:*:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.10.0-ce:rc2:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.12.0-ce:rc1:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.12.0-ce:rc3:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:18.01.0-ce:*:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:18.02.0-ce:rc2:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:18.03.0-ce:rc4:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:18.03.1-ce:rc1:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:18.05.0-ce:*:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:18.06.0-ce:rc2:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.07.0-ce:rc2:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.11.0-ce:rc1:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.11.0-ce:rc2:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.11.0-ce:rc3:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.11.0-ce:rc4:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.11.0-ce:*:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:18.02.0-ce:*:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:18.03.0-ce:rc1:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:18.03.0-ce:rc2:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:18.03.0-ce:rc3:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:18.06.0-ce:*:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:18.06.1-ce:rc1:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:18.06.1-ce:rc2:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.06.0-ce:rc2:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.06.1-ce:*:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.06.1-ce:rc2:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.06.1-ce:rc4:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.07.0-ce:rc3:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.07.0-ce:*:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.10.0-ce:rc1:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.10.0-ce:*:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.12.0-ce:rc2:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:17.12.0-ce:rc4:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:18.01.0-ce:rc1:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:18.02.0-ce:rc1:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:18.03.0-ce:*:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:18.03.1-ce:rc2:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:18.06.0-ce:rc1:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:docker:docker:18.06.0-ce:rc3:*:*:community:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15664"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In Docker through 18.06.1-ce-rc2, the API endpoints behind the \u0027docker cp\u0027 command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/moby/moby/pull/39252",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/moby/moby/pull/39252"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1096726",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Exploit",
"Third Party Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1096726"
},
{
"name": "[oss-security] 20190528 CVE-2018-15664: docker (all versions) is vulnerable to a symlink-race attack",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Exploit",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/05/28/1"
},
{
"name": "108507",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108507"
},
{
"name": "https://access.redhat.com/security/cve/cve-2018-15664",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2018-15664"
},
{
"name": "openSUSE-SU-2019:1621",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00066.html"
},
{
"name": "USN-4048-1",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/4048-1/"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-15664",
"refsource": "CONFIRM",
"tags": [],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-15664"
},
{
"name": "RHSA-2019:1910",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2019:1910"
},
{
"name": "[oss-security] 20190821 RE: CVE-2018-15664: docker (all versions) is vulnerable to a symlink-race attack",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2019/08/21/1"
},
{
"name": "openSUSE-SU-2019:2044",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0
}
},
"lastModifiedDate": "2019-06-25T12:15Z",
"publishedDate": "2019-05-23T14:29Z"
}
}
}
FKIE_CVE-2018-15664
Vulnerability from fkie_nvd - Published: 2019-05-23 14:29 - Updated: 2024-11-21 03:51
Severity ?
Summary
In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| docker | docker | 17.06.0-ce | |
| docker | docker | 17.06.0-ce | |
| docker | docker | 17.06.0-ce | |
| docker | docker | 17.06.0-ce | |
| docker | docker | 17.06.0-ce | |
| docker | docker | 17.06.0-ce | |
| docker | docker | 17.06.1-ce | |
| docker | docker | 17.06.1-ce | |
| docker | docker | 17.06.1-ce | |
| docker | docker | 17.06.1-ce | |
| docker | docker | 17.06.1-ce | |
| docker | docker | 17.06.2-ce | |
| docker | docker | 17.06.2-ce | |
| docker | docker | 17.07.0-ce | |
| docker | docker | 17.07.0-ce | |
| docker | docker | 17.07.0-ce | |
| docker | docker | 17.07.0-ce | |
| docker | docker | 17.07.0-ce | |
| docker | docker | 17.09.0-ce | |
| docker | docker | 17.09.0-ce | |
| docker | docker | 17.09.0-ce | |
| docker | docker | 17.09.0-ce | |
| docker | docker | 17.09.1-ce | |
| docker | docker | 17.09.1-ce- | |
| docker | docker | 17.10.0-ce | |
| docker | docker | 17.10.0-ce | |
| docker | docker | 17.10.0-ce | |
| docker | docker | 17.11.0-ce | |
| docker | docker | 17.11.0-ce | |
| docker | docker | 17.11.0-ce | |
| docker | docker | 17.11.0-ce | |
| docker | docker | 17.11.0-ce | |
| docker | docker | 17.12.0-ce | |
| docker | docker | 17.12.0-ce | |
| docker | docker | 17.12.0-ce | |
| docker | docker | 17.12.0-ce | |
| docker | docker | 17.12.0-ce | |
| docker | docker | 17.12.1-ce | |
| docker | docker | 17.12.1-ce | |
| docker | docker | 17.12.1-ce | |
| docker | docker | 18.01.0-ce | |
| docker | docker | 18.01.0-ce | |
| docker | docker | 18.02.0-ce | |
| docker | docker | 18.02.0-ce | |
| docker | docker | 18.02.0-ce | |
| docker | docker | 18.03.0-ce | |
| docker | docker | 18.03.0-ce | |
| docker | docker | 18.03.0-ce | |
| docker | docker | 18.03.0-ce | |
| docker | docker | 18.03.0-ce | |
| docker | docker | 18.03.1-ce | |
| docker | docker | 18.03.1-ce | |
| docker | docker | 18.03.1-ce | |
| docker | docker | 18.04.0-ce | |
| docker | docker | 18.04.0-ce | |
| docker | docker | 18.04.0-ce | |
| docker | docker | 18.05.0-ce | |
| docker | docker | 18.05.0-ce | |
| docker | docker | 18.06.0-ce | |
| docker | docker | 18.06.0-ce | |
| docker | docker | 18.06.0-ce | |
| docker | docker | 18.06.0-ce | |
| docker | docker | 18.06.1-ce | |
| docker | docker | 18.06.1-ce |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:docker:docker:17.06.0-ce:*:*:*:community:*:*:*",
"matchCriteriaId": "03ED214E-B35E-4269-AB60-DC153D84A7EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.0-ce:rc1:*:*:community:*:*:*",
"matchCriteriaId": "23DC417C-741C-4B54-AC05-695266F837BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.0-ce:rc2:*:*:community:*:*:*",
"matchCriteriaId": "EA9CEEEF-FA4C-466B-B06A-409B412911CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.0-ce:rc3:*:*:community:*:*:*",
"matchCriteriaId": "1D56B684-9D21-456D-AEAF-681FE4AF34DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.0-ce:rc4:*:*:community:*:*:*",
"matchCriteriaId": "6AC3E4B6-3D75-408D-B3CD-0E5FC83DC303",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.0-ce:rc5:*:*:community:*:*:*",
"matchCriteriaId": "1BA3AC1D-E044-4F3F-A880-9D57E6247D3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.1-ce:*:*:*:community:*:*:*",
"matchCriteriaId": "ADFFCF49-C72C-4122-8035-D56FBDF36EF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.1-ce:rc1:*:*:community:*:*:*",
"matchCriteriaId": "A07F31B1-0471-4496-98E8-3D50D62A9376",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.1-ce:rc2:*:*:community:*:*:*",
"matchCriteriaId": "157499DF-2A7E-4615-9F6B-383F998D45D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.1-ce:rc3:*:*:community:*:*:*",
"matchCriteriaId": "426A1B51-9C0C-4E2E-AD7B-F2C9C2F90DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.1-ce:rc4:*:*:community:*:*:*",
"matchCriteriaId": "BA3C59E2-4528-498B-B77A-CCDB9E1F2EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.2-ce:*:*:*:community:*:*:*",
"matchCriteriaId": "FF0BFEAD-83C4-43C3-AF7F-B07E623027CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.06.2-ce:rc1:*:*:community:*:*:*",
"matchCriteriaId": "90446BD3-E1E0-4FF0-8617-635C1428206C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.07.0-ce:*:*:*:community:*:*:*",
"matchCriteriaId": "346B183E-B29A-4D11-A5EB-B4263AE2A930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.07.0-ce:rc1:*:*:community:*:*:*",
"matchCriteriaId": "0E3245D9-EE7C-48C6-ADA7-D09BAC758335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.07.0-ce:rc2:*:*:community:*:*:*",
"matchCriteriaId": "06067BD7-BF28-4C3C-8AA4-33AE91D1A08D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.07.0-ce:rc3:*:*:community:*:*:*",
"matchCriteriaId": "2AA91357-976E-4E58-933F-3B5053E44AD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.07.0-ce:rc4:*:*:community:*:*:*",
"matchCriteriaId": "08DBC6A3-AFC6-4D34-B2C6-E7557A9BAC55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.09.0-ce:*:*:*:community:*:*:*",
"matchCriteriaId": "0CDFF197-1317-4E9A-89AC-42A347E92CB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.09.0-ce:rc1:*:*:community:*:*:*",
"matchCriteriaId": "DBA8D554-BA26-4440-83C1-623B02B9378A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.09.0-ce:rc2:*:*:community:*:*:*",
"matchCriteriaId": "444F283F-E95D-4885-88E9-552846EB34B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.09.0-ce:rc3:*:*:community:*:*:*",
"matchCriteriaId": "F0C3E0C2-B036-49CE-99DF-7243AFFD23D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.09.1-ce:*:*:*:community:*:*:*",
"matchCriteriaId": "443E631B-4D7D-4C45-8A64-6C98DD18D286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.09.1-ce-:rc1:*:*:community:*:*:*",
"matchCriteriaId": "CDE4D9DF-794E-4ACB-88D4-866F1D333B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.10.0-ce:*:*:*:community:*:*:*",
"matchCriteriaId": "3332E705-364B-4CFE-8EFE-791191DD6D92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.10.0-ce:rc1:*:*:community:*:*:*",
"matchCriteriaId": "CB5190C1-B7B3-4CA5-8B04-7C4C29952687",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.10.0-ce:rc2:*:*:community:*:*:*",
"matchCriteriaId": "7926C680-46ED-49FE-9000-A2CCD61CF6EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.11.0-ce:*:*:*:community:*:*:*",
"matchCriteriaId": "B7C29495-0403-4D11-9687-249DCD60536B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.11.0-ce:rc1:*:*:community:*:*:*",
"matchCriteriaId": "9CFCE477-6B5C-43B2-BA05-2D4B8C18168A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.11.0-ce:rc2:*:*:community:*:*:*",
"matchCriteriaId": "62A4CEB1-4053-4508-9FE7-0D23A61CEE64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.11.0-ce:rc3:*:*:community:*:*:*",
"matchCriteriaId": "A3BC6153-1036-4A2B-8E6B-CCCBE9866641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.11.0-ce:rc4:*:*:community:*:*:*",
"matchCriteriaId": "EB4E8414-1B6C-457E-8C1D-19D962FEF212",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.12.0-ce:*:*:*:community:*:*:*",
"matchCriteriaId": "A4FE190B-896E-4CFD-AD14-B8F990F6C2D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.12.0-ce:rc1:*:*:community:*:*:*",
"matchCriteriaId": "03558F57-4DB4-42A1-8FFF-E32455F14D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.12.0-ce:rc2:*:*:community:*:*:*",
"matchCriteriaId": "BD7FE2CE-D564-4B0F-A86C-3D9D8ADB4209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.12.0-ce:rc3:*:*:community:*:*:*",
"matchCriteriaId": "CE6482EC-8B28-4EBA-8D31-444AF20CDF45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.12.0-ce:rc4:*:*:community:*:*:*",
"matchCriteriaId": "2B6895B8-84E0-4796-9BE6-F560F78B6F09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.12.1-ce:*:*:*:community:*:*:*",
"matchCriteriaId": "2476F29C-9011-4040-B45B-ABEA9D9B989A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.12.1-ce:rc1:*:*:community:*:*:*",
"matchCriteriaId": "BA34377A-7FAF-489F-967C-592F4DDAA395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:17.12.1-ce:rc2:*:*:community:*:*:*",
"matchCriteriaId": "F5981E01-90F2-4950-BDCC-049B8CF11BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.01.0-ce:*:*:*:community:*:*:*",
"matchCriteriaId": "6A67CC6A-5DFF-4EC8-AD89-CBE61D5B1E86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.01.0-ce:rc1:*:*:community:*:*:*",
"matchCriteriaId": "417A41D1-95F5-4F11-A84A-80EFB5470FDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.02.0-ce:*:*:*:community:*:*:*",
"matchCriteriaId": "E6EFF14F-CD0B-4AC6-95F8-AEAAE0AFC9F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.02.0-ce:rc1:*:*:community:*:*:*",
"matchCriteriaId": "749D44D3-0800-452D-B617-16533AFCDB9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.02.0-ce:rc2:*:*:community:*:*:*",
"matchCriteriaId": "BFDB4066-4966-45DA-886B-83B4DA10E5DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.03.0-ce:*:*:*:community:*:*:*",
"matchCriteriaId": "A632A32E-83CC-4643-A92E-4B853772B1E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.03.0-ce:rc1:*:*:community:*:*:*",
"matchCriteriaId": "74447A87-49F6-40E9-B42B-4DD10915FD5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.03.0-ce:rc2:*:*:community:*:*:*",
"matchCriteriaId": "850F9B89-B19C-4334-B188-ED9B30E4858F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.03.0-ce:rc3:*:*:community:*:*:*",
"matchCriteriaId": "DC41D120-BB84-497B-8E14-4242DA34336B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.03.0-ce:rc4:*:*:community:*:*:*",
"matchCriteriaId": "D3A6BC7B-16B3-4C38-884F-F3D58D02DCB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.03.1-ce:*:*:*:community:*:*:*",
"matchCriteriaId": "76C71530-639E-4E9A-B74F-0D046E0F1A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.03.1-ce:rc1:*:*:community:*:*:*",
"matchCriteriaId": "B1C17446-B119-483F-8BB2-80DBE1CD28C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.03.1-ce:rc2:*:*:community:*:*:*",
"matchCriteriaId": "D5DEED51-DDC3-40CA-8FDA-59462492BEA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.04.0-ce:*:*:*:community:*:*:*",
"matchCriteriaId": "CF279FD4-58D4-4272-AC14-DE9D79D88BE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.04.0-ce:rc1:*:*:community:*:*:*",
"matchCriteriaId": "749AA8E0-2F98-424C-9A0D-9F91987F3A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.04.0-ce:rc2:*:*:community:*:*:*",
"matchCriteriaId": "E5C31E97-B350-457C-9EBE-CD9DEC94D818",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.05.0-ce:*:*:*:community:*:*:*",
"matchCriteriaId": "DE28CE42-3EB2-4032-BEE6-C87C65551B94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.05.0-ce:rc1:*:*:community:*:*:*",
"matchCriteriaId": "2704A6EF-A030-4B3F-8160-EE1F4B401E8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.06.0-ce:*:*:*:community:*:*:*",
"matchCriteriaId": "18C4AB1B-79B0-4F1B-A80D-B4F16C49BFF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.06.0-ce:rc1:*:*:community:*:*:*",
"matchCriteriaId": "A48C808D-7B04-457F-9724-1694696773CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.06.0-ce:rc2:*:*:community:*:*:*",
"matchCriteriaId": "D20E4F37-3E9E-4A42-8E6A-7888776B2C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.06.0-ce:rc3:*:*:community:*:*:*",
"matchCriteriaId": "6CBB326E-A337-4047-B332-E12EB6F00E1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.06.1-ce:rc1:*:*:community:*:*:*",
"matchCriteriaId": "F2A1AE6D-371D-4876-90B7-0B8D62D5AFB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:docker:docker:18.06.1-ce:rc2:*:*:community:*:*:*",
"matchCriteriaId": "D2AF3BE5-8C7B-4F4C-A381-59DFF1B5233A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Docker through 18.06.1-ce-rc2, the API endpoints behind the \u0027docker cp\u0027 command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot)."
},
{
"lang": "es",
"value": "En Docker hasta la versi\u00f3n 18.06.1-ce-rc2, los endpoints API debajo del comando \u0027docker cp\u0027 son vulnerables a un ataque de de tipo symlink-exchange con salto de directorio, dando a los atacantes acceso arbitrario de lectura-escritura al sistema de archivos del host con privilegios de root, porque daemon/archive.go no genera operaciones de archivo en un filesystem congelado (o desde dentro de una operaci\u00f3n chroot)."
}
],
"id": "CVE-2018-15664",
"lastModified": "2024-11-21T03:51:14.130",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-23T14:29:07.453",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00066.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/05/28/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2019/08/21/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108507"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:1910"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1096726"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/moby/moby/pull/39252"
},
{
"source": "cve@mitre.org",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-15664"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4048-1/"
},
{
"source": "nvd@nist.gov",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2018-15664"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00066.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/05/28/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2019/08/21/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108507"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:1910"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1096726"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/moby/moby/pull/39252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-15664"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4048-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-PV79-5R2C-JRPQ
Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2024-04-04 00:45
VLAI?
Details
In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot).
Severity ?
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2018-15664"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-05-23T14:29:00Z",
"severity": "HIGH"
},
"details": "In Docker through 18.06.1-ce-rc2, the API endpoints behind the \u0027docker cp\u0027 command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot).",
"id": "GHSA-pv79-5r2c-jrpq",
"modified": "2024-04-04T00:45:38Z",
"published": "2022-05-24T16:46:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15664"
},
{
"type": "WEB",
"url": "https://github.com/moby/moby/pull/39252"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:1910"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/cve-2018-15664"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1096726"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-15664"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4048-1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00066.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/05/28/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/08/21/1"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/108507"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
CVE-2018-15664
Vulnerability from fstec - Published: 23.05.2019
VLAI Severity ?
Title
Уязвимость компонента daemon/archive.go средства автоматизации развёртывания и управления приложениями в средах с поддержкой контейнеризации Docker, позволяющая нарушителю повысить свои привилегии и получить доступ на чтение и запись файлов
Description
Уязвимость компонента daemon/archive.go средства автоматизации развёртывания и управления приложениями в средах с поддержкой контейнеризации Docker связана с ошибками синхронизации при использовании общего ресурса («Ситуация гонки»). Эксплуатация уязвимости может позволить нарушителю повысить свои привилегии и получить доступ на чтение и запись файлов
Severity ?
Vendor
Docker Inc., АО «Концерн ВНИИНС»
Software Name
Docker, ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)
Software Version
до 18.06.1-ce-rc2 (Docker), до 16.01.2023 (ОС ОН «Стрелец»)
Possible Mitigations
Использование рекомендаций:
Для Docker:
https://github.com/moby/moby/pull/39252
Для ОС ОН «Стрелец»:
Обновление программного обеспечения docker.io до версии 18.09.1+dfsg1-7.1+deb10u3.osnova5
Reference
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-15664
https://nvd.nist.gov/vuln/detail/CVE-2018-15664
https://www.openwall.com/lists/oss-security/2019/05/28/1
https://github.com/moby/moby/pull/39252
https://www.openwall.com/lists/oss-security/2019/05/28/1
https://github.com/moby/moby/issues/5619
https://github.com/moby/moby/pull/6000
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
CWE
CWE-362
{
"CVSS 2.0": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"CVSS 3.0": "AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Docker Inc., \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 18.06.1-ce-rc2 (Docker), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Docker:\nhttps://github.com/moby/moby/pull/39252\n\n\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f docker.io \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 18.09.1+dfsg1-7.1+deb10u3.osnova5",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "23.05.2019",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "01.03.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "25.07.2019",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-02690",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-15664",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Docker, \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 daemon/archive.go \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0430\u0446\u0438\u0438 \u0440\u0430\u0437\u0432\u0451\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u043c\u0438 \u0432 \u0441\u0440\u0435\u0434\u0430\u0445 \u0441 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u043e\u0439 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0438\u0437\u0430\u0446\u0438\u0438 Docker, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043d\u0430 \u0447\u0442\u0435\u043d\u0438\u0435 \u0438 \u0437\u0430\u043f\u0438\u0441\u044c \u0444\u0430\u0439\u043b\u043e\u0432",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041e\u0434\u043d\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043e\u0431\u0449\u0435\u0433\u043e \u0440\u0435\u0441\u0443\u0440\u0441\u0430 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u0441\u0438\u043d\u0445\u0440\u043e\u043d\u0438\u0437\u0430\u0446\u0438\u0435\u0439 (\u00ab\u0421\u0438\u0442\u0443\u0430\u0446\u0438\u044f \u0433\u043e\u043d\u043a\u0438\u00bb) (CWE-362)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 daemon/archive.go \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0430\u0446\u0438\u0438 \u0440\u0430\u0437\u0432\u0451\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f\u043c\u0438 \u0432 \u0441\u0440\u0435\u0434\u0430\u0445 \u0441 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u043e\u0439 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0438\u0437\u0430\u0446\u0438\u0438 Docker \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0441\u0438\u043d\u0445\u0440\u043e\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u043e\u0431\u0449\u0435\u0433\u043e \u0440\u0435\u0441\u0443\u0440\u0441\u0430 (\u00ab\u0421\u0438\u0442\u0443\u0430\u0446\u0438\u044f \u0433\u043e\u043d\u043a\u0438\u00bb). \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043d\u0430 \u0447\u0442\u0435\u043d\u0438\u0435 \u0438 \u0437\u0430\u043f\u0438\u0441\u044c \u0444\u0430\u0439\u043b\u043e\u0432",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u043e\u043a\u0430\u043c\u0438 \u0438 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435\u043c",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-15664\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15664\n\nhttps://www.openwall.com/lists/oss-security/2019/05/28/1\n\nhttps://github.com/moby/moby/pull/39252\nhttps://www.openwall.com/lists/oss-security/2019/05/28/1\n\nhttps://github.com/moby/moby/issues/5619\n\nhttps://github.com/moby/moby/pull/6000\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u041f\u041e \u0434\u043b\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0418\u0418, \u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-362",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
CERTFR-2019-AVI-322
Vulnerability from certfr_avis - Published: 2019-07-10 - Updated: 2019-07-10
De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données, une exécution de code à distance et une usurpation d'identité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft Exchange Server 2013 Cumulative Update 23 | ||
| Microsoft | N/A | Team Foundation Server 2012 Update 4 | ||
| Microsoft | N/A | Microsoft SQL Server 2014 Service Pack 2 pour systèmes x64 (GDR) | ||
| Microsoft | N/A | ChakraCore | ||
| Microsoft | N/A | Team Foundation Server 2018 Update 3.2 | ||
| Microsoft | Azure | Azure DevOps Server 2019.0.1 | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.1 | ||
| Microsoft | N/A | Mail and Calendar | ||
| Microsoft | N/A | Microsoft SQL Server 2014 Service Pack 2 pour systèmes x64 (CU+GDR) | ||
| Microsoft | N/A | Microsoft Lync 2013 Service Pack 1 (64 bits) | ||
| Microsoft | N/A | Microsoft SQL Server 2016 pour systèmes x64 Service Pack 2 (CU+GDR) | ||
| Microsoft | N/A | Skype pour Business 2016 (64 bits) | ||
| Microsoft | N/A | Microsoft SQL Server 2014 Service Pack 2 pour systèmes 32 bits (GDR) | ||
| Microsoft | N/A | Microsoft Lync Basic 2013 Service Pack 1 (64 bits) | ||
| Microsoft | N/A | Team Foundation Server 2013 Update 5 | ||
| Microsoft | N/A | Microsoft Visual Studio 2010 Service Pack 1 | ||
| Microsoft | N/A | Microsoft Visual Studio 2017 version 15.9 | ||
| Microsoft | N/A | Microsoft SQL Server 2014 Service Pack 3 pour systèmes x64 (GDR) | ||
| Microsoft | N/A | Team Foundation Server 2010 SP1 (x64) | ||
| Microsoft | N/A | Team Foundation Server 2017 Update 3.1 | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.0 | ||
| Microsoft | N/A | Microsoft Visual Studio 2013 Update 5 | ||
| Microsoft | N/A | Microsoft SQL Server 2017 pour systèmes x64 (CU+GDR) | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 2 | ||
| Microsoft | Azure | Azure Automation | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 13 | ||
| Microsoft | N/A | Microsoft SQL Server 2016 pour systèmes x64 Service Pack 1 (CU+GDR) | ||
| Microsoft | N/A | Team Foundation Server 2010 SP1 (x86) | ||
| Microsoft | N/A | Microsoft SQL Server 2017 pour systèmes x64 (GDR) | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 1 | ||
| Microsoft | N/A | Microsoft Visual Studio 2015 Update 3 | ||
| Microsoft | N/A | Microsoft Exchange Server 2010 Service Pack 3 | ||
| Microsoft | N/A | Microsoft Visual Studio 2017 | ||
| Microsoft | Azure | Microsoft Azure Kubernetes Service | ||
| Microsoft | N/A | Team Foundation Server 2018 Update 1.2 | ||
| Microsoft | N/A | Microsoft SQL Server 2014 Service Pack 3 pour systèmes x64 (CU+GDR) | ||
| Microsoft | N/A | Azure IoT Edge | ||
| Microsoft | N/A | Microsoft SQL Server 2014 Service Pack 2 pour systèmes 32 bits (CU+GDR) | ||
| Microsoft | N/A | Skype pour Business 2016 Basic (32 bits) | ||
| Microsoft | N/A | Microsoft SQL Server 2016 pour systèmes x64 Service Pack 1 (GDR) | ||
| Microsoft | N/A | Skype pour Business 2016 (32 bits) | ||
| Microsoft | N/A | Microsoft.IdentityModel 7.0.0 | ||
| Microsoft | N/A | Microsoft Visual Studio 2012 Update 5 | ||
| Microsoft | N/A | Microsoft SQL Server 2016 pour systèmes x64 Service Pack 2 (GDR) | ||
| Microsoft | N/A | Microsoft Lync Basic 2013 Service Pack 1 (32 bits) | ||
| Microsoft | N/A | Microsoft SQL Server 2014 Service Pack 3 pour systèmes 32 bits (GDR) | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 12 | ||
| Microsoft | N/A | Microsoft SQL Server 2014 Service Pack 3 pour systèmes 32 bits (CU+GDR) | ||
| Microsoft | N/A | Team Foundation Server 2015 Update 4.2 | ||
| Microsoft | N/A | Skype pour Business 2016 Basic (64 bits) | ||
| Microsoft | N/A | Microsoft Lync 2013 Service Pack 1 (32 bits) |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Exchange Server 2013 Cumulative Update 23",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Team Foundation Server 2012 Update 4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2014 Service Pack 2 pour syst\u00e8mes x64 (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ChakraCore",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Team Foundation Server 2018 Update 3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure DevOps Server 2019.0.1",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Mail and Calendar",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2014 Service Pack 2 pour syst\u00e8mes x64 (CU+GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Lync 2013 Service Pack 1 (64 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 2 (CU+GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Skype pour Business 2016 (64 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2014 Service Pack 2 pour syst\u00e8mes 32 bits (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Lync Basic 2013 Service Pack 1 (64 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Team Foundation Server 2013 Update 5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2010 Service Pack 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2017 version 15.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2014 Service Pack 3 pour syst\u00e8mes x64 (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Team Foundation Server 2010 SP1 (x64)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Team Foundation Server 2017 Update 3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2013 Update 5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (CU+GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Automation",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 13",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 1 (CU+GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Team Foundation Server 2010 SP1 (x86)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2015 Update 3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2010 Service Pack 3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2017",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Azure Kubernetes Service",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Team Foundation Server 2018 Update 1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2014 Service Pack 3 pour syst\u00e8mes x64 (CU+GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure IoT Edge",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2014 Service Pack 2 pour syst\u00e8mes 32 bits (CU+GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Skype pour Business 2016 Basic (32 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 1 (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Skype pour Business 2016 (32 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft.IdentityModel 7.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2012 Update 5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 2 (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Lync Basic 2013 Service Pack 1 (32 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2014 Service Pack 3 pour syst\u00e8mes 32 bits (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 12",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2014 Service Pack 3 pour syst\u00e8mes 32 bits (CU+GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Team Foundation Server 2015 Update 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Skype pour Business 2016 Basic (64 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Lync 2013 Service Pack 1 (32 bits)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-1062",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1062"
},
{
"name": "CVE-2019-1103",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1103"
},
{
"name": "CVE-2019-1107",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1107"
},
{
"name": "CVE-2019-1079",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1079"
},
{
"name": "CVE-2019-1001",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1001"
},
{
"name": "CVE-2019-1006",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1006"
},
{
"name": "CVE-2019-1077",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1077"
},
{
"name": "CVE-2019-1084",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1084"
},
{
"name": "CVE-2019-1137",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1137"
},
{
"name": "CVE-2019-0962",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0962"
},
{
"name": "CVE-2019-1072",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1072"
},
{
"name": "CVE-2019-1076",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1076"
},
{
"name": "CVE-2019-1136",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1136"
},
{
"name": "CVE-2019-1106",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1106"
},
{
"name": "CVE-2018-15664",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15664"
},
{
"name": "CVE-2019-1068",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1068"
},
{
"name": "CVE-2019-1113",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1113"
},
{
"name": "CVE-2019-1092",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1092"
}
],
"initial_release_date": "2019-07-10T00:00:00",
"last_revision_date": "2019-07-10T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-322",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-07-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, une ex\u00e9cution de code \u00e0 distance et une\nusurpation d\u0027identit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 09 juillet 2019",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…