Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2014-820.NASL
HistoryDec 29, 2014 - 12:00 a.m.

openSUSE Security Update : docker (openSUSE-SU-2014:1722-1)

2014-12-2900:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

0.014 Low

EPSS

Percentile

86.6%

JSON

This docker version update fixes the following security and non security issues and adds additional features.

  • Updated to 1.4.0 (2014-12-11) :

  • Notable Features since 1.3.0 :

  • Set key=value labels to the daemon (displayed in docker info), applied with new -label daemon flag

  • Add support for ENV in Dockerfile of the form: ENV name=value name2=value2...

  • New Overlayfs Storage Driver

  • docker info now returns an ID and Name field

  • Filter events by event name, container, or image

  • docker cp now supports copying from container volumes

  • Fixed docker tag, so it honors --force when overriding a tag for existing image.

  • Changes introduced by 1.3.3 (2014-12-11) :

  • Security :

  • Fix path traversal vulnerability in processing of absolute symbolic links (CVE-2014-9356) - (bnc#909709)

  • Fix decompression of xz image archives, preventing privilege escalation (CVE-2014-9357) - (bnc#909710)

  • Validate image IDs (CVE-2014-9358) - (bnc#909712)

  • Runtime :

  • Fix an issue when image archives are being read slowly

  • Client :

  • Fix a regression related to stdin redirection

  • Fix a regression with docker cp when destination is the current directory

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2014-820.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(80278);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2014-9356", "CVE-2014-9357", "CVE-2014-9358");

  script_name(english:"openSUSE Security Update : docker (openSUSE-SU-2014:1722-1)");
  script_summary(english:"Check for the openSUSE-2014-820 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This docker version update fixes the following security and non
security issues and adds additional features.

  - Updated to 1.4.0 (2014-12-11) :

  - Notable Features since 1.3.0 :

  - Set key=value labels to the daemon (displayed in `docker
    info`), applied with new `-label` daemon flag

  - Add support for `ENV` in Dockerfile of the form: `ENV
    name=value name2=value2...`

  - New Overlayfs Storage Driver

  - `docker info` now returns an `ID` and `Name` field

  - Filter events by event name, container, or image

  - `docker cp` now supports copying from container volumes

  - Fixed `docker tag`, so it honors `--force` when
    overriding a tag for existing image.

  - Changes introduced by 1.3.3 (2014-12-11) :

  - Security :

  - Fix path traversal vulnerability in processing of
    absolute symbolic links (CVE-2014-9356) - (bnc#909709)

  - Fix decompression of xz image archives, preventing
    privilege escalation (CVE-2014-9357) - (bnc#909710)

  - Validate image IDs (CVE-2014-9358) - (bnc#909712)

  - Runtime :

  - Fix an issue when image archives are being read slowly

  - Client :

  - Fix a regression related to stdin redirection

  - Fix a regression with `docker cp` when destination is
    the current directory"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=909709"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=909710"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=909712"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2014-12/msg00106.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected docker packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-bash-completion");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-zsh-completion");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/12/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/12/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/29");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE13.2", reference:"docker-1.4.0-13.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"docker-bash-completion-1.4.0-13.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"docker-debuginfo-1.4.0-13.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"docker-debugsource-1.4.0-13.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"docker-zsh-completion-1.4.0-13.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "docker / docker-bash-completion / docker-debuginfo / etc");
}
VendorProductVersionCPE
novellopensusedockerp-cpe:/a:novell:opensuse:docker
novellopensusedocker-bash-completionp-cpe:/a:novell:opensuse:docker-bash-completion
novellopensusedocker-debuginfop-cpe:/a:novell:opensuse:docker-debuginfo
novellopensusedocker-debugsourcep-cpe:/a:novell:opensuse:docker-debugsource
novellopensusedocker-zsh-completionp-cpe:/a:novell:opensuse:docker-zsh-completion
novellopensuse13.2cpe:/o:novell:opensuse:13.2

Related

securityvulns 2
nessus 6
openvas 6
archlinux 1
oraclelinux 1
amazon 1
fedora 2
redhat 1
debiancve 3
cve 3
osv 3
veracode 3
cvelist 3
ubuntucve 3
nvd 3
github 3
cbl_mariner 2
prion 3
securityvulns
securityvulns
Docker 1.3.3 - Security Advisory [11 Dec 2014]
2014-12-22 00:00:00
Docker multiple security vulnerabilities
2014-12-22 00:00:00
nessus
nessus
Oracle Linux 6 / 7 : docker (ELSA-2014-3110)
2015-01-02 00:00:00
Fedora 20 : docker-io-1.4.1-6.fc20 (2015-1128)
2015-01-26 00:00:00
Fedora 21 : docker-io-1.4.0-1.fc21 (2014-16839)
2014-12-15 00:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2014-461)
2015-09-08 00:00:00
Oracle: Security Advisory (ELSA-2014-3110)
2015-10-06 00:00:00
Docker < 1.3.3 Multiple Vulnerabilities
2021-09-08 00:00:00
archlinux
archlinux
docker: multiple issues
2014-12-15 00:00:00
oraclelinux
oraclelinux
docker security update
2014-12-30 00:00:00
amazon
amazon
Critical: docker
2014-12-11 16:40:00
fedora
fedora
[SECURITY] Fedora 21 Update: docker-io-1.4.0-1.fc21
2014-12-15 04:32:25
[SECURITY] Fedora 20 Update: docker-io-1.4.1-6.fc20
2015-01-26 02:35:37
redhat
redhat
(RHSA-2015:0623) Low: docker security, bug fix, and enhancement update
2015-03-05 00:00:00
debiancve
debiancve
CVE-2014-9358
2014-12-16 18:59:16
CVE-2014-9356
2019-12-02 18:15:10
CVE-2014-9357
2014-12-16 18:59:15
cve
cve
CVE-2014-9356
2019-12-02 18:15:10
CVE-2014-9357
2014-12-16 18:59:15
CVE-2014-9358
2014-12-16 18:59:16
osv
osv
Directory Traversal in Docker
2022-02-15 00:41:14
Path Traversal in Docker
2021-05-18 21:09:17
Arbitrary Code Execution
2022-02-15 01:57:18
veracode
veracode
Directory Traversal
2017-05-03 08:48:29
Remote Code Execution (RCE)
2017-05-03 08:53:24
Directory Traversal
2017-05-03 08:56:04
cvelist
cvelist
CVE-2014-9356
2019-12-02 17:07:40
CVE-2014-9358
2014-12-16 18:00:00
CVE-2014-9357
2014-12-16 18:00:00
ubuntucve
ubuntucve
CVE-2014-9356
2019-12-02 00:00:00
CVE-2014-9358
2014-12-16 00:00:00
CVE-2014-9357
2014-12-16 00:00:00
nvd
nvd
CVE-2014-9356
2019-12-02 18:15:10
CVE-2014-9358
2014-12-16 18:59:16
CVE-2014-9357
2014-12-16 18:59:15
github
github
Directory Traversal in Docker
2022-02-15 00:41:14
Path Traversal in Docker
2021-05-18 21:09:17
Arbitrary Code Execution
2022-02-15 01:57:18
cbl_mariner
cbl_mariner
CVE-2014-9356 affecting package moby-buildx 0.4.1-3
2021-07-08 21:56:42
CVE-2014-9358 affecting package moby-buildx 0.4.1-3
2021-07-08 21:56:42
prion
prion
Path traversal
2019-12-02 18:15:00
Path traversal
2014-12-16 18:59:00
Code injection
2014-12-16 18:59:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

0.014 Low

EPSS

Percentile

86.6%

JSON
Related for OPENSUSE-2014-820.NASL
securityvulns2nessus6openvas6archlinux1oraclelinux1amazon1fedora2redhat1debiancve3cve3osv3veracode3cvelist3ubuntucve3nvd3github3cbl_mariner2prion3