
Critical security flaw discovered in the Docker application


November 25, 2014


A critical security flaw has been discovered in the Docker application containerization software for Linux that could allow an attacker to gain elevated privileges and execute code remotely on affected systems.

The security hole, which has been corrected in Docker 1.3.2, affects all previous versions of the software.

"No remediation is available for older versions of Docker and users are strongly advised to upgrade as soon as possible," the company said in a security advisory yesterday.

The vulnerability, which has been assigned CVE-2014-6407, relates to how the Docker engine handles file-system image files.

Previous versions of the software would blindly follow symbolic and hard links in image archives, which could have allowed an attacker to craft a malicious image that wrote files to arbitrary directories on disk.

Docker 1.3.2 performs additional security checks on images before extracting them, and the extraction itself now takes place inside a chroot sandbox environment, where it only has limited access to the file system.
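The link-following problem described above can be checked for before an archive is unpacked. The following is an added example, not Docker's code and not part of the advisory: it audits a layer tarball and reports entries that a link-following extractor would write, or hard-link from, outside the extraction directory. The function names and the sample entries are constructed for illustration, and the audit models path resolution only; it does not replace extracting inside a chroot.

```python
import io
import tarfile

def resolve(path, links, depth=0):
    """Components of path under a virtual root, or None if it leaves the root."""
    if depth > 32 or path.startswith("/"):   # symlink loop, or absolute host path
        return None
    out = []
    for part in path.split("/"):
        if part == "..":
            if not out:
                return None                   # climbed above the root
            out.pop()
        elif part not in ("", "."):
            out.append(part)
            target = links.get("/".join(out))
            if target is not None:            # component is a symlink from the archive
                joined = target if target.startswith("/") else "/".join(out[:-1] + [target])
                out = resolve(joined, links, depth + 1)
                if out is None:
                    return None
    return out

def audit_layer(tar_bytes):
    """(entry, reason) pairs for entries a link-following extractor would mishandle."""
    links, findings = {}, []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tf:
        for m in tf:
            head, _, base = m.name.rstrip("/").rpartition("/")
            where = resolve(head if m.issym() else m.name, links)  # symlink: parent only
            if where is None or m.name.startswith("/"):
                findings.append((m.name, "path leaves extraction root"))
            elif m.issym():
                links["/".join(where + [base])] = m.linkname       # remembered, not followed
            elif m.islnk() and resolve(m.linkname, links) is None:
                findings.append((m.name, "hard link source outside root"))
    return findings

def build_sample():  # constructed sample layer, not taken from a real image
    entries = [("app/logs", tarfile.SYMTYPE, "../../host-dir"),
               ("app/logs/cron.d/job", tarfile.REGTYPE, ""),
               ("app/shadow", tarfile.LNKTYPE, "../etc/shadow"),
               ("usr/lib", tarfile.SYMTYPE, "lib64"), ("usr/lib/libc.so", tarfile.REGTYPE, "")]
    with tarfile.open(fileobj=(buf := io.BytesIO()), mode="w") as tf:
        for name, kind, target in entries:
            ti = tarfile.TarInfo(name)
            ti.type, ti.linkname = kind, target
            tf.addfile(ti)
    return buf.getvalue()
```

Calling `audit_layer(build_sample())` reports the file written through the escaping symlink and the hard link to a path above the root, while the benign `usr/lib` symlink passes.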

Docker credits Red Hat's Florian Weimer and independent researcher Tonis Tiigi for spotting the security issue.

But if fixing that little showstopper isn't reason enough for you to upgrade, Monday's security disclosure also describes a second critical bug, CVE-2014-6408, this one affecting only Docker versions 1.3.0 and 1.3.1.

Those versions of the software would accept and act upon security options that were applied to Docker images, which could allow a malicious image to loosen the security restrictions applied to the container that's executing the image.

Under the right circumstances, that in turn could let a malicious program break free of its container and affect the host system itself.

Docker says version 1.3.2 is available now for all supported platforms. That's a long list, but upgrade instructions are available for many of them on the website.

Source: The Docker Team.
