Docker for Windows CVE-2018-15514 Remote Privilege Escalation Vulnerability

Docker for Windows is prone to a remote privilege-escalation vulnerability.
A remote attacker can exploit this issue to gain elevated privileges.
Versions prior to Docker for Windows 18.06.0-ce-rc3 are vulnerable.

Information

Bugtraq ID: 105202
Class: Design Error
CVE: CVE-2018-15514

Remote: Yes
Local: No
Published: Aug 31 2018 12:00AM
Updated: Aug 31 2018 12:00AM
Credit: Source Incite
Vulnerable: Docker Docker for Windows 18.06.0-ce-rc2
Docker Docker for Windows 18.06.0-ce-rc1
Docker Docker for Windows 18.05.0-ce-rc1
Docker Docker for Windows 18.05.0-ce

Not Vulnerable: Docker Docker for Windows 18.06.0-ce-rc3

Exploit

The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.

References:

• Docker - Homepage (Docker)
  
• Docker for Windows Edge Release notes (Docker)
  
• Docker for Windows Stable Release notes (Docker)
  
• You can't contain me! :: Analyzing and Exploiting an Elevation of Privilege Vuln (Srcincite)
  

Source: www.securityfocus.com