ID de Prueba:	1.3.6.1.4.1.25623.1.0.107338
Categoría:	Privilege escalation
Título:	Docker for Windows Privilege Escalation Vulnerability
Resumen:	Docker for Windows is prone to a privilege escalation; vulnerability.
Descripción:	Summary: Docker for Windows is prone to a privilege escalation vulnerability. Vulnerability Insight: HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the '\\.\pipe\dockerBackend' named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the 'docker-users' group (who may not otherwise have administrator access) to escalate to administrator privileges. Affected Software/OS: Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable). Solution: Update to version 18.06.0-ce-rc3-win68 (edge) respectively 18.06.0-ce-win72 (stable) or later. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-15514 BugTraq ID: 105202 http://www.securityfocus.com/bid/105202 https://docs.docker.com/docker-for-windows/edge-release-notes/ https://docs.docker.com/docker-for-windows/release-notes/ https://srcincite.io/blog/2018/08/31/you-cant-contain-me-analyzing-and-exploiting-an-elevation-of-privilege-in-docker-for-windows.html
Copyright	Copyright (C) 2018 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.