KLA10820
Privilege escalation vulnerability in Docker
Updated: 06/01/2019
Detect date
?
06/01/2016
Severity
?
Warning
Description

An improper treating of a numeric UID was found in Docker. By exploiting this vulnerability malicious users can escalate privileges. This vulnerability can be exploited locally via a numeric username in the password file.


Technical details

This vulnerability is related to libcontainer/user/user.go in runC.

Affected products

Docker versions earlier than 1.11.2

Solution

Update to the latest version
Get Docker

Impacts
?
PE 
[?]
CVE-IDS
?
CVE-2016-36972.1Warning