CVE-2014-6407
First published: Fri Dec 12 2014(Updated: )
Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Python Docker | <=1.3.1 | |
| Python Docker | =1.0.0 | |
| Python Docker | =1.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145154.html
- http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00009.html
- http://secunia.com/advisories/60171
- http://secunia.com/advisories/60241
- http://www.openwall.com/lists/oss-security/2014/11/24/5
- https://docs.docker.com/v1.3/release-notes/
Frequently Asked Questions
What is the severity of CVE-2014-6407?
CVE-2014-6407 has a high severity rating due to the potential for remote code execution and unauthorized file access.
How do I fix CVE-2014-6407?
To fix CVE-2014-6407, upgrade to Docker version 1.3.2 or later.
What systems are affected by CVE-2014-6407?
CVE-2014-6407 affects Docker versions 1.0.0 to 1.3.1.
What types of attacks are possible using CVE-2014-6407?
CVE-2014-6407 allows attackers to exploit symlink or hard link attacks to write to arbitrary files.
When was CVE-2014-6407 reported?
CVE-2014-6407 was reported in December 2014.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/docker
- canonical/python docker
- version/python docker/1.3.1
- version/python docker/1.0.0
- version/python docker/1.3.0