CVE-2015-3627
Symlink Attack in Libcontainer and Docker Engine in github.com/docker/docker
EPSS 0.10%
Description
Libcontainer and Docker Engine before 1.6.1 open the file descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.
How to fix CVE-2015-3627
To remediate CVE-2015-3627, upgrade the affected package to a fixed version below.
- Debian/docker.io—upgrade to 1.6.1+dfsg1-1 or later
- Go/github.com/docker/docker—upgrade to 1.6.1 or later
- Go/github.com/docker/docker—upgrade to 1.6.1 or later
Is CVE-2015-3627 being exploited?
Low: EPSS (the modeled probability of exploitation activity in the next 30 days) is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 1.6.1+dfsg1-1
- from 0, < 1.6.1
- from 0, < 1.6.1