A Tale of Escaping a Hardened Docker container

[Red Timmy Security <publications () redtimmy com>]

Hello,
in a recent security assessment we have managed to escape out of a 
docker container by circumventing an ad-hoc reverse proxy that was 
supposed to prevent abuse of "docker.sock" file exposure.

Full story here: 
https://www.redtimmy.com/docker/a-tale-of-escaping-a-hardened-docker-container/

regards
Redtimmy Security


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/