Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2014-757.NASL
HistoryDec 09, 2014 - 12:00 a.m.

openSUSE Security Update : docker (openSUSE-SU-2014:1596-1)

2014-12-0900:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.09 Low

EPSS

Percentile

94.6%

JSON

docker was updated to version 1.3.2 to fix two security issues.

These security issues were fixed :

  • Symbolic and hardlink issues leading to privilege escalation (CVE-2014-6407).

  • Potential container escalation (CVE-2014-6408).

There non-security issues were fixed :

  • Fix deadlock in docker ps -f exited=1

  • Fix a bug when --volumes-from references a container that failed to start

  • –insecure-registry now accepts CIDR notation such as 10.1.0.0/16

  • Private registries whose IPs fall in the 127.0.0.0/8 range do no need the --insecure-registry flag

  • Skip the experimental registry v2 API when mirroring is enabled

  • Fixed minor packaging issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2014-757.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(79819);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2014-6407", "CVE-2014-6408");

  script_name(english:"openSUSE Security Update : docker (openSUSE-SU-2014:1596-1)");
  script_summary(english:"Check for the openSUSE-2014-757 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"docker was updated to version 1.3.2 to fix two security issues.

These security issues were fixed :

  - Symbolic and hardlink issues leading to privilege
    escalation (CVE-2014-6407).

  - Potential container escalation (CVE-2014-6408).

There non-security issues were fixed :

  - Fix deadlock in docker ps -f exited=1

  - Fix a bug when --volumes-from references a container
    that failed to start

  - --insecure-registry now accepts CIDR notation such as
    10.1.0.0/16

  - Private registries whose IPs fall in the 127.0.0.0/8
    range do no need the --insecure-registry flag

  - Skip the experimental registry v2 API when mirroring is
    enabled

  - Fixed minor packaging issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=907012"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=907014"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2014-12/msg00040.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected docker packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-bash-completion");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-zsh-completion");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/11/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/09");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE13.2", reference:"docker-1.3.2-9.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"docker-bash-completion-1.3.2-9.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"docker-debuginfo-1.3.2-9.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"docker-debugsource-1.3.2-9.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"docker-zsh-completion-1.3.2-9.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "docker / docker-bash-completion / docker-debuginfo / etc");
}
VendorProductVersionCPE
novellopensusedocker-debuginfop-cpe:/a:novell:opensuse:docker-debuginfo
novellopensusedocker-debugsourcep-cpe:/a:novell:opensuse:docker-debugsource
novellopensusedocker-zsh-completionp-cpe:/a:novell:opensuse:docker-zsh-completion
novellopensuse13.2cpe:/o:novell:opensuse:13.2
novellopensusedockerp-cpe:/a:novell:opensuse:docker
novellopensusedocker-bash-completionp-cpe:/a:novell:opensuse:docker-bash-completion

Related

oraclelinux 1
nessus 3
suse 1
openvas 8
amazon 1
fedora 2
securityvulns 1
prion 3
github 2
cvelist 2
ubuntucve 2
cve 3
cbl_mariner 1
osv 2
nvd 3
veracode 2
debiancve 2
redhatcve 1
oraclelinux
oraclelinux
docker security and bug fix update
2014-12-05 00:00:00
nessus
nessus
Fedora 21 : docker-io-1.3.2-2.fc21 (2014-15779)
2014-12-04 00:00:00
Amazon Linux AMI : docker (ALAS-2014-454)
2014-11-26 00:00:00
Oracle Linux 6 / 7 : docker (ELSA-2014-3095)
2014-12-06 00:00:00
suse
suse
Security update for docker (important)
2014-12-08 17:07:52
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2014-454)
2015-09-08 00:00:00
Oracle: Security Advisory (ELSA-2014-3095)
2015-10-06 00:00:00
Fedora Update for docker-io FEDORA-2014-15779
2015-01-05 00:00:00
amazon
amazon
Critical: docker
2014-11-25 12:22:00
fedora
fedora
[SECURITY] Fedora 21 Update: docker-io-1.3.2-2.fc21
2014-12-03 17:16:16
[SECURITY] Fedora 20 Update: docker-io-1.4.1-6.fc20
2015-01-26 02:35:37
securityvulns
securityvulns
Docker 1.3.2 - Security Advisory [24 Nov 2014]
2014-12-01 00:00:00
prion
prion
Design/Logic Flaw
2014-12-12 15:59:00
Hardcoded credentials
2014-12-12 15:59:00
Design/Logic Flaw
2014-11-25 20:59:00
github
github
Access Restriction Bypass in Docker
2022-02-15 01:57:18
Arbitrary Code Execution in Docker
2022-02-15 00:41:12
cvelist
cvelist
CVE-2014-6408
2014-12-12 15:00:00
CVE-2014-6407
2014-12-12 15:00:00
ubuntucve
ubuntucve
CVE-2014-6408
2014-12-12 00:00:00
CVE-2014-6407
2014-12-12 00:00:00
cve
cve
CVE-2014-6408
2014-12-12 15:59:06
CVE-2014-6407
2014-12-12 15:59:04
CVE-2014-3605
2014-11-25 20:59:00
cbl_mariner
cbl_mariner
CVE-2014-6407 affecting package moby-buildx 0.4.1-3
2021-07-08 21:56:42
osv
osv
Arbitrary Code Execution in Docker
2022-02-15 00:41:12
Access Restriction Bypass in Docker
2022-02-15 01:57:18
nvd
nvd
CVE-2014-6408
2014-12-12 15:59:06
CVE-2014-6407
2014-12-12 15:59:04
CVE-2014-3605
2014-11-25 20:59:00
veracode
veracode
Container Bypass
2017-05-03 08:59:15
Remote Code Execution (RCE)
2017-05-03 07:48:05
debiancve
debiancve
CVE-2014-6408
2014-12-12 15:59:06
CVE-2014-6407
2014-12-12 15:59:04
redhatcve
redhatcve
CVE-2014-3605
2020-02-11 05:14:18

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.09 Low

EPSS

Percentile

94.6%

JSON
Related for OPENSUSE-2014-757.NASL
oraclelinux1nessus3suse1openvas8amazon1fedora2securityvulns1prion3github2cvelist2ubuntucve2cve3cbl_mariner1osv2nvd3veracode2debiancve2redhatcve1