Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Docker Engine 安全绕过漏洞
Vulnerability Description
Docker Engine是美国Docker公司的一套轻量级的运行环境和包管理工具。 Docker Engine 1.6.1之前版本中存在安全漏洞,该漏洞源于程序为/proc/asound、/proc/timer_stats、/proc/latency_stat和/proc/fs URI分配弱权限。本地攻击者可借助特制的图像利用该漏洞更改主机配置,获取敏感信息,实施协议降级攻击。
CVSS Information
N/A
Vulnerability Type
N/A