Docker CVE-2018-15664 Symlink Directory Traversal Vulnerability

Docker is prone to a directory-traversal vulnerability.

An attacker may exploit this issue to gain read/write access to the files outside of the restricted directory; this may aid in further attacks.

Information

Bugtraq ID: 108507
Class: Input Validation Error
CVE: CVE-2018-15664

Remote: Yes
Local: No
Published: May 28 2019 12:00AM
Updated: May 28 2019 12:00AM
Credit: Aleksa Sarai
Vulnerable: Docker Docker 0

Not Vulnerable:

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

References:

• Docker - Homepage (Docker)
  
• Bug 1096726 - (CVE-2018-15664) VUL-0: CVE-2018-15664: docker: 'docker cp' is vu ()
  
• Properly handle paths with symlink path components #6000 ()
  
• cp command follows symlinks into the host filesystem, not the container #5619 ()
  
• CVE-2018-15664 | Docker Elevation of Privilege Vulnerability (Microsoft)
  
• CVE-2018-15664: docker (all versions) is vulnerable to a symlink-race attack ()
  
• daemon: archive: pause containers before doing filesystem operations #39252 (Github)
  

Source: www.securityfocus.com