CVE-2015-3629 : Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape conta

Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.

Published 2015-05-18 15:59:16

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2015-3629

Opensuse » Opensuse » Version: 13.2
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Matching versions
Docker » Libcontainer » Version: 1.6.0 For Docker
cpe:2.3:a:docker:libcontainer:1.6.0:*:*:*:*:docker:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-3629

EPSS FAQ

0.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 19 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-3629

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST	2024-02-02
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2015-3629

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-3629

http://seclists.org/fulldisclosure/2015/May/28

Full Disclosure: Docker 1.6.1 - Security Advisory [150507]
Mailing List;Third Party Advisory

CVEs referencing this url
http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html

Docker Privilege Escalation / Information Disclosure ≈ Packet Storm
Third Party Advisory;VDB Entry

CVEs referencing this url
https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ

Inloggen - Google Accounts
Permissions Required

CVEs referencing this url
http://lists.opensuse.org/opensuse-updates/2015-05/msg00023.html

openSUSE-SU-2015:0905-1: moderate: Security update for docker
Mailing List;Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/74558

Libcontainer and Docker CVE-2015-3629 Local Privilege Escalation Vulnerability
Broken Link;Third Party Advisory;VDB Entry
https://groups.google.com/forum/#!searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ

Docker-user - Google Groepen

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2015-3629

Products affected by CVE-2015-3629

Exploit prediction scoring system (EPSS) score for CVE-2015-3629

CVSS scores for CVE-2015-3629

CWE ids for CVE-2015-3629

References for CVE-2015-3629