oss-sec mailing list archives
Re: cve request: systemd-machined: information exposure for docker containers
From: cve-assign () mitre org
Date: Tue, 26 Jul 2016 15:24:13 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Once docker containers register themselves to systemd-machined
by oci-register-machine. Any unprivileged user could run
machinectl to list every single containers running in the host
even if the containers do not belong to this user (including containers
belong to the root user), and access sensitive information associated
with any individual container including its internal IP address, OS
version, running processes, and file path for its rootfs.
$ machinectl status cc8d10c7b9892b75843d200d54d34a3a
cc8d10c7b9892b75843d200d54d34a3a(63633864313063376239383932623735)
Since: Mon 2016-07-25 17:55:36 UTC; 34s ago
Leader: 43494 (sleep)
Service: docker; class container
Root: /var/mnt/overlay/overlay/0429684e3da515ae4f11b8514c7b20f759613
Address: 172.17.0.2
fe80::42:acff:fe11:2
OS: Red Hat Enterprise Linux Server 7.2 (Maipo)
Unit: docker-cc8d10c7b9892b75843d200d54d34a3a9435fe0f65527c254ebfd2d
43494 sleep 3000
Use CVE-2016-6349. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJXl7elAAoJEHb/MwWLVhi2RWIQAKaV9Wfr8YVQfKU+Skfs5Aw5 10D1SpGzb6X64u7ZBPtBINph6DcANhKRVnsLzhyK64m7tOXlU+f3ZuJJkpYILj/L dqpGgpm4Rr3g3CbOBXQzv3MoxI1x6UBpQ0tD4YJR2l4MUBH+WDNTgS2HGsonDgHW Y2nLzn/xLbnxBJPhtuTxB3rsSYW5HoLv3rU135z++sgckn9wEpMCLKn4RabJX5pn VlvwyvgtS0KQIjxwvc+Fzek3A8JmVmc0Sdv9xv+oUPSpcVx+9UQuJ4IM3JrItkyX ozFJvettlVz5DGP+Il19Bsj4VgnqfbIY4hV9G5W3Zvvvj+0NQbqXeA4rz8s6RRaU VzGZLfxaSt3giTqLYIVQIe5z/B8zzdeyJv8Sq1p54Wlnw3mhV7jy071Tv85Wuy5C WgwlrGw7weXeiDUCDtJccKj+Vulmkl9fA6yZZOTsi1eLdncsRZurdoRKtbu35yS8 uUx7iv855mq0HcEmONagKuVuuZehESJQ1DgIGDs2U0r4oWwAYkmYfvTdfjqni76c CA+qdQZUKXKmg/VBSAxawyO5DeP5sqf8e/W5mGyV9ryEA7d5Td+PhP2/hyYqF/gm cWYAMkuS8Twty3XWceKE01ToBU2E3RsOlJTtA7Y5Su7Za/MyoOO0XgZ5LpU2lMhQ azlA01pX7DjSmXNbCCZF =mOLg -----END PGP SIGNATURE-----
Current thread:
- cve request: systemd-machined: information exposure for docker containers CAI Qian (Jul 26)
- Re: cve request: systemd-machined: information exposure for docker containers cve-assign (Jul 26)
- Re: Re: cve request: systemd-machined: information exposure for docker containers Christian Rebischke (Jul 27)
- Re: Re: cve request: systemd-machined: information exposure for docker containers Daniel J Walsh (Jul 27)
- Re: Re: cve request: systemd-machined: information exposure for docker containers Christian Rebischke (Jul 27)
- Re: cve request: systemd-machined: information exposure for docker containers Jesse Hertz (Jul 27)
- Re: cve request: systemd-machined: information exposure for docker containers Jessica Frazelle (Jul 27)
- Re: cve request: systemd-machined: information exposure for docker containers Daniel J Walsh (Jul 28)
- Re: cve request: systemd-machined: information exposure for docker containers Simon McVittie (Jul 28)
- Re: cve request: systemd-machined: information exposure for docker containers Daniel J Walsh (Jul 28)
- Re: cve request: systemd-machined: information exposure for docker containers Shiz (Aug 01)
- Re: cve request: systemd-machined: information exposure for docker containers Daniel J Walsh (Aug 03)
- Re: Re: cve request: systemd-machined: information exposure for docker containers Christian Rebischke (Jul 27)
- Re: cve request: systemd-machined: information exposure for docker containers cve-assign (Jul 26)