Test Kennung:	1.3.6.1.4.1.25623.1.0.123110
Kategorie:	Oracle Linux Local Security Checks
Titel:	Oracle: Security Advisory (ELSA-2015-3037)
Zusammenfassung:	The remote host is missing an update for the 'docker' package(s) announced via the ELSA-2015-3037 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'docker' package(s) announced via the ELSA-2015-3037 advisory. Vulnerability Insight: [1.6.1-1.0.1] - Update source to 1.6.1 from [link moved to references] Symlink traversal on container respawn allows local privilege escalation (CVE-2015-3629) Insecure opening of file-descriptor 1 leading to privilege escalation (CVE-2015-3627) Read/write proc paths allow host modification & information disclosure (CVE-2015-3630) Volume mounts allow LSM profile escalation (CVE-2015-3631) AppArmor policy improvements Affected Software/OS: 'docker' package(s) on Oracle Linux 6, Oracle Linux 7. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-3627 http://seclists.org/fulldisclosure/2015/May/28 http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html SuSE Security Announcement: openSUSE-SU-2015:0905 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html Common Vulnerability Exposure (CVE) ID: CVE-2015-3629 BugTraq ID: 74558 http://www.securityfocus.com/bid/74558 Common Vulnerability Exposure (CVE) ID: CVE-2015-3630 BugTraq ID: 74566 http://www.securityfocus.com/bid/74566
Copyright	Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.