CVE-2016-3697

Published on: 06/01/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:03 PM UTC

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Certain versions of Docker from Docker contain the following vulnerability:

libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.

  • CVE-2016-3697 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.8 - HIGH

| Attack Vector | Attack Complexity | Privileges Required | User Interaction |
|---|---|---|---|
| LOCAL | LOW | LOW | NONE |

| Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
|---|---|---|---|
| UNCHANGED | HIGH | HIGH | HIGH |

CVSS2 Score: 2.1 - LOW

| Access Vector | Access Complexity | Authentication |
|---|---|---|
| LOCAL | LOW | NONE |

| Confidentiality Impact | Integrity Impact | Availability Impact |
|---|---|---|
| PARTIAL | NONE | NONE |

CVE References

| Description | Tags | Link |
|---|---|---|
| Numeric user id passed to --user interpreted as user name if user name is numeric in container /etc/passwd · Issue #21436 · moby/moby · GitHub | Patch, Third Party Advisory | CONFIRM github.com/docker/docker/issues/21436 |
| Red Hat Customer Portal | Third Party Advisory | REDHAT RHSA-2016:2634 (web.archive.org; inactive link, not archived) |
| openSUSE-SU-2016:1417-1: moderate: Security update for docker | Mailing List, Third Party Advisory | SUSE openSUSE-SU-2016:1417 (lists.opensuse.org) |
| libcontainer: user: always treat numeric ids numerically · opencontainers/[email protected] · GitHub | Third Party Advisory | CONFIRM github.com/opencontainers/runc/commit/69af385de62ea68e2e608335cffbb0f4aa3db091 |
| Release Runc v0.1.0 · opencontainers/runc · GitHub | Patch, Third Party Advisory | CONFIRM github.com/opencontainers/runc/releases/tag/v0.1.0 |
| libcontainer: user: always treat numeric ids numerically by cyphar · Pull Request #708 · opencontainers/runc · GitHub | Third Party Advisory | CONFIRM github.com/opencontainers/runc/pull/708 |
| Docker: Privilege escalation (GLSA 201612-28) — Gentoo security | Third Party Advisory | GENTOO GLSA-201612-28 (security.gentoo.org) |
| Red Hat Customer Portal | Third Party Advisory | REDHAT RHSA-2016:1034 (web.archive.org; inactive link, not archived) |

Known Affected Configurations (CPE V2.3)

| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Docker | Docker | All | All | All | All |
| Application | Linuxfoundation | Runc | All | All | All | All |
| Operating System | Opensuse | Opensuse | 13.2 | All | All | All |

  • cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*: