Vulnerability Name: CVE-2014-6408 (CCN-98925)

Assigned: 2014-11-24
Published: 2014-11-24
Updated: 2014-12-15
Summary: Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image.
CVSS v3 Severity:
  7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:
      Attack Vector (AV): Network
      Attack Complexity (AC): Low
      Privileges Required (PR): None
      User Interaction (UI): None
    Scope:
      Scope (S): Unchanged
    Impact Metrics:
      Confidentiality (C): Low
      Integrity (I): Low
      Availability (A): Low
CVSS v2 Severity:
  5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
  3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
    Exploitability Metrics:
      Access Vector (AV): Network
      Access Complexity (AC): Low
      Authentication (Au): None
    Impact Metrics:
      Confidentiality (C): None
      Integrity (I): Partial
      Availability (A): None
  7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
  5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
    Exploitability Metrics:
      Access Vector (AV): Network
      Access Complexity (AC): Low
      Authentication (Au): None
    Impact Metrics:
      Confidentiality (C): Partial
      Integrity (I): Partial
      Availability (A): Partial
Vulnerability Type: CWE-264
Vulnerability Consequences: Gain Privileges
References:

Source: MITRE
Type: CNA
CVE-2014-6408

Source: FEDORA
Type: UNKNOWN
FEDORA-2014-15779

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2014:1596

Source: CCN
Type: oss-security Mailing List, Mon, 24 Nov 2014 16:23:48 -0500
Docker 1.3.2 - Security Advisory [24 Nov 2014]

Source: SECUNIA
Type: UNKNOWN
60171

Source: SECUNIA
Type: UNKNOWN
60241

Source: MLIST
Type: UNKNOWN
[oss-security] 20141124 Docker 1.3.2 - Security Advisory [24 Nov 2014]

Source: CCN
Type: BID-71518
Docker CVE-2014-6408 Local Privilege Escalation Vulnerability

Source: CCN
Type: Docker Web site
Release Notes

Source: CONFIRM
Type: Vendor Advisory
https://docs.docker.com/v1.3/release-notes/

Source: XF
Type: UNKNOWN
docker-cve20146408-priv-esc(98925)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-6408

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:docker:docker:1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:docker:docker:1.3.1:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:docker:docker:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:docker:docker:1.3.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20146408 | V | CVE-2014-6408 | 2023-06-22
oval:org.opensuse.security:def:7725 | P | openslp-2.0.0-6.15.1 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:7703 | P | libxslt-devel-1.1.34-150400.3.3.1 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:7853 | P | docker-20.10.23_ce-150000.175.1 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:604 | P | Security update for virt-v2v (Moderate) (in QA) | 2022-09-05
oval:org.opensuse.security:def:602 | P | Security update for mariadb (Important) | 2022-07-27
oval:org.opensuse.security:def:3243 | P | libpython3_6m1_0-3.6.8-2.13 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:94873 | P | docker-20.10.12_ce-159.1 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:933 | P | Security update for python-PyJWT (Important) (in QA) | 2022-06-21
oval:org.opensuse.security:def:931 | P | Security update for apache2 (Important) (in QA) | 2022-06-14
oval:org.opensuse.security:def:939 | P | Security update for wireshark (Moderate) | 2022-02-14
oval:org.opensuse.security:def:112162 | P | docker-1.12.3-4.1 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:70024 | P | Security update for go1.17 (Moderate) | 2021-12-23
oval:org.opensuse.security:def:100701 | P | (Important) | 2021-12-22
oval:org.opensuse.security:def:1295 | P | Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP3) (Important) | 2021-12-15
oval:org.opensuse.security:def:1287 | P | Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP3) (Important) | 2021-12-14
oval:org.opensuse.security:def:93988 | P | (Important) | 2021-12-01
oval:org.opensuse.security:def:1281 | P | Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP3) (Important) | 2021-11-19
oval:org.opensuse.security:def:1279 | P | Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP3) (Important) | 2021-11-17
oval:org.opensuse.security:def:6976 | P | Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP1) (Important) | 2021-10-14
oval:org.opensuse.security:def:105697 | P | docker-1.12.3-4.1 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:71202 | P | grub2-2.02-24.12 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:69919 | P | Security update for openssl-1_1 (Important) | 2021-08-24
oval:org.opensuse.security:def:47138 | P | python-pyOpenSSL-16.0.0-2.3.2 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47124 | P | perl-HTML-Parser-3.71-1.145 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48124 | P | libical1-1.0.1-16.3.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48040 | P | gzip-1.10-2.12 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47826 | P | mariadb-10.2.18-1.7 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47678 | P | libXi6-1.7.4-17.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47586 | P | cups-pk-helper-0.2.5-5.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47454 | P | openvswitch-2.7.0-2.29 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47261 | P | gdk-pixbuf-loader-rsvg-2.40.15-4.5 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47140 | P | python-requests-2.8.1-6.11.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47126 | P | perl-Tk-804.031-3.76 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48351 | P | xscreensaver-5.22-7.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48280 | P | python-cryptography-1.3.1-7.13.4 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48249 | P | openssh-7.2p2-74.45.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48184 | P | libqt4-32bit-4.8.7-8.8.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47123 | P | perl-Config-IniFiles-2.82-3.12 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48353 | P | yast2-core-3.3.1-1.7 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48282 | P | python-doc-2.7.13-28.31.2 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48251 | P | opie-2.4-724.56 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48186 | P | libraptor2-0-2.0.10-3.63 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48122 | P | libhivex0-1.3.10-4.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:48038 | P | gv-3.7.4-1.36 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47824 | P | mailman-2.1.17-1.18 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47676 | P | libXfont1-1.5.1-11.3.12 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47125 | P | perl-LWP-Protocol-https-6.04-5.4 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47584 | P | cups-1.7.5-20.17.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47452 | P | openssh-7.2p2-69.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:47259 | P | gd-2.1.0-23.1 on GA media (Moderate) | 2021-08-16
oval:org.opensuse.security:def:62384 | P | docker-19.03.15_ce-6.46.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:101128 | P | docker-19.03.15_ce-6.46.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:55227 | P | Security update for libsndfile (Critical) | 2021-08-05
oval:org.opensuse.security:def:36491 | P | libsss_idmap-devel-1.9.4-0.16.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:71089 | P | python2-salt-2018.3.0-3.9 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:55910 | P | Security update for libX11 (Important) | 2021-06-08
oval:org.opensuse.security:def:36533 | P | pango-devel-1.26.2-1.3.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:6901 | P | Security update for the Linux Kernel (Live Patch 16 for SLE 15 SP1) (Important) | 2021-05-25
oval:org.opensuse.security:def:64502 | P | Security update for graphviz (Critical) | 2021-05-19
oval:org.opensuse.security:def:6882 | P | Security update for the Linux Kernel (Live Patch 21 for SLE 15 SP1) (Important) | 2021-04-28
oval:org.opensuse.security:def:40422 | P | Security update for kvm (Important) | 2021-04-23
oval:org.opensuse.security:def:67749 | P | Security update for the Linux Kernel (Live Patch 21 for SLE 15) (Important) | 2021-04-07
oval:org.opensuse.security:def:7065 | P | Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP2) (Important) | 2021-04-07
oval:org.opensuse.security:def:6867 | P | Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP1) (Important) | 2021-04-07
oval:org.opensuse.security:def:19456 | P | Security update for the Linux Kernel (Important) | 2021-03-09
oval:org.opensuse.security:def:7001 | P | Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP1) (Important) | 2021-02-10
oval:org.opensuse.security:def:7052 | P | Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP2) (Important) | 2020-12-07
oval:org.opensuse.security:def:62370 | P | docker-18.09.1_ce-6.14.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:46353 | P | docker-1.6.2-31.2 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:35693 | P | evolution-data-server-2.28.2-0.26.33.14 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:107367 | P | docker-19.03.5_ce-6.31.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:35634 | P | qt3-3.3.8b-88.21 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:62376 | P | docker-19.03.5_ce-6.31.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:46354 | P | docker-1.8.3-52.3 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:13233 | P | docker-1.6.2-31.2 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:116925 | P | docker-19.03.5_ce-6.31.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:62368 | P | docker-17.09.1_ce-4.25 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:13234 | P | docker-1.8.3-52.3 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:35853 | P | MozillaFirefox-17.0.4esr-0.10.42 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:35809 | P | postgresql-8.3.14-0.2.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:35781 | P | lvm2-2.02.84-3.25.5 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:89846 | P | docker-18.09.1_ce-6.14.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:35742 | P | libcgroup1-0.34-2.5.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:103501 | P | docker-18.09.1_ce-6.14.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:18553 | P | Security update for apache2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:56469 | P | Security update for xerces-j2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:73359 | P | docker on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:18515 | P | Security update for unixODBC (Moderate) | 2020-12-01
oval:org.opensuse.security:def:56395 | P | Security update for dhcp (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49320 | P | python3-urllib3 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:34994 | P | Security update for glibc (Important) | 2020-12-01
oval:org.opensuse.security:def:18481 | P | Fixing security issues on OBS toolchain (Important) | 2020-12-01
oval:org.opensuse.security:def:19430 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:18423 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:40941 | P | Security update for nfs-utils (Moderate) | 2020-12-01
oval:org.opensuse.security:def:18337 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:40890 | P | Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP2) (Important) | 2020-12-01
oval:org.opensuse.security:def:41624 | P | Security update for docker, sle2docker, go (Moderate) | 2020-12-01
oval:org.opensuse.security:def:18302 | P | Security update for libmicrohttpd (Moderate) | 2020-12-01
oval:org.opensuse.security:def:40861 | P | Security update for webkit2gtk3 (Important) | 2020-12-01
oval:org.opensuse.security:def:55064 | P | avahi on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:40816 | P | Security update for the Linux Kernel (Live Patch 13 for SLE 12 SP2) (Important) | 2020-12-01
oval:org.opensuse.security:def:18294 | P | Security update for sudo (Important) | 2020-12-01
oval:org.opensuse.security:def:35474 | P | Security update for php53 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:35384 | P | Security update for ntp (Moderate) | 2020-12-01
oval:org.opensuse.security:def:7043 | P | libgnomesu on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49326 | P | rsyslog on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:39988 | P | Security update for Linux Kernel Live Patch 15 for SLE 12 (Important) | 2020-12-01
oval:org.opensuse.security:def:35327 | P | Security update for microcode_ctl (Important) | 2020-12-01
oval:org.opensuse.security:def:56303 | P | Security update for mariadb (Important) | 2020-12-01
oval:org.opensuse.security:def:35226 | P | Security update for lzo | 2020-12-01
oval:org.opensuse.security:def:56195 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:35090 | P | Security update for kdebase4-workspace (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49372 | P | docker on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:35006 | P | Security update for gnutls (Moderate) | 2020-12-01
oval:org.opensuse.security:def:55744 | P | Security update for xfsprogs (Moderate) | 2020-12-01
oval:org.opensuse.security:def:34995 | P | Security update for glibc (Important) | 2020-12-01
oval:org.opensuse.security:def:55638 | P | Security update for gpg2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:41579 | P | Security update for libqt5-qtbase (Important) | 2020-12-01
oval:org.opensuse.security:def:55465 | P | Security update for flash-player (Important) | 2020-12-01
oval:org.opensuse.security:def:40764 | P | Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP2) (Important) | 2020-12-01
oval:org.opensuse.security:def:73241 | P | libvorbis-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:40700 | P | Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP2) (Important) | 2020-12-01
oval:org.opensuse.security:def:18792 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:66668 | P | docker on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:55087 | P | cvs on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:40524 | P | Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP1) (Important) | 2020-12-01
oval:org.opensuse.security:def:18768 | P | Security update for pacemaker (Important) | 2020-12-01
oval:org.opensuse.security:def:55065 | P | bash on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:18756 | P | Security update for ceph (Important) | 2020-12-01
oval:org.opensuse.security:def:64415 | P | logrotate on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:40353 | P | Security update for java-1_7_1-ibm (Important) | 2020-12-01
oval:org.opensuse.security:def:7034 | P | libexif12 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:40244 | P | Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP1) (Important) | 2020-12-01
oval:org.opensuse.security:def:40092 | P | Security update for samba (Important) | 2020-12-01
oval:org.opensuse.security:def:49374 | P | docker on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:40000 | P | Security update for MozillaFirefox, MozillaFirefox-branding-SLE (Important) | 2020-12-01
oval:org.opensuse.security:def:39989 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:49318 | P | python3-salt on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6820 | P | puppet on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:67849 | P | docker on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6774 | P | libvirglrenderer0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6752 | P | libreoffice on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:66576 | P | opensc on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:6744 | P | libproxy1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:18698 | P | Security update for xmltooling (Moderate) | 2020-12-01
oval:org.opensuse.security:def:56588 | P | Security update for python3 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:18665 | P | Security update for cups (Important) | 2020-12-01
oval:org.opensuse.security:def:56507 | P | Security update for wireshark (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49380 | P | docker on GA media (Moderate) | 2020-12-01
oval:org.mitre.oval:def:27549 | P | ELSA-2014-3095 -- docker security and bug fix update (important) | 2015-01-26
oval:com.ubuntu.trusty:def:20146408000 | V | CVE-2014-6408 on Ubuntu 14.04 LTS (trusty) - medium. | 2014-12-12