Vulnerability Name:

CVE-2016-6595 (CCN-115835)

Assigned:2016-08-06
Published:2016-08-06
Updated:2017-08-16
Summary:** DISPUTED ** The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to cause a denial of service (prevention of cluster joins) via a long sequence of join and quit actions.
Note: the vendor disputes this issue, stating that this sequence is not "removing the state that is left by old nodes. At some point the manager obviously stops being able to accept new nodes, since it runs out of memory. Given that both for Docker swarm and for Docker Swarmkit nodes are *required* to provide a secret token (it's actually the only mode of operation), this means that no adversary can simply join nodes and exhaust manager resources. We can't do anything about a manager running out of memory and not being able to add new legitimate nodes to the system. This is merely a resource provisioning issue, and definitely not a CVE worthy vulnerability."
CVSS v3 Severity:6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:R)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
4.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)
3.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:U/RC:R)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-399
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2016-6595

Source: CCN
Type: SECTRACK ID: 1036548
Docker Unspecified Flaw Lets Remote Authenticated Users Deny Service on the Target Swarm Cluster

Source: MLIST
Type: Third Party Advisory
[oss-security] 20160804 Re: cve request: docker swarmkit Dos occurs by repeatly joining and quitting swam cluster as a node

Source: MLIST
Type: Third Party Advisory
[oss-security] 20160901 Re: cve request: docker swarmkit Dos occurs by repeatly joining and quitting swam cluster as a node

Source: MLIST
Type: Third Party Advisory
[oss-security] 20160902 Re: cve request: docker swarmkit Dos occurs by repeatly joining and quitting swam cluster as a node

Source: BID
Type: UNKNOWN
92195

Source: CCN
Type: BID-92195
Docker Swarmkit Local Denial of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1036548

Source: CCN
Type: Docker Web site
Docker

Source: XF
Type: UNKNOWN
docker-cve20166595-dos(115835)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:docker:docker:1.12.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:docker:docker:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:com.ubuntu.trusty:def:20166595000
    V
    		CVE-2016-6595 on Ubuntu 14.04 LTS (trusty) - medium.
    2017-01-04
    oval:com.ubuntu.xenial:def:20166595000
    V
    		CVE-2016-6595 on Ubuntu 16.04 LTS (xenial) - medium.
    2017-01-04
    oval:com.ubuntu.xenial:def:201665950000000
    V
    		CVE-2016-6595 on Ubuntu 16.04 LTS (xenial) - medium.
    2017-01-04
    BACK
    docker docker 1.12.0
    docker docker *