ID CVE-2018-10892
Summary The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness.
References
Vulnerable Configurations
  • cpe:2.3:a:docker:docker:*:*:*:*:community_edition:*:*:*
    cpe:2.3:a:docker:docker:*:*:*:*:community_edition:*:*:*
  • cpe:2.3:a:mobyproject:moby:1.11.0:*:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:1.11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:1.11.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:1.11.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:1.11.1:*:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:1.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:1.11.2:*:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:1.11.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:1.11.2:rc1:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:1.11.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:1.12.0:*:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:1.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:1.12.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:1.12.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:1.12.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:1.12.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:1.12.0:rc3:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:1.12.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:1.12.0:rc4:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:1.12.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:1.12.0:rc5:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:1.12.0:rc5:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:1.12.1:*:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:1.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:1.12.1:rc1:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:1.12.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:1.12.1:rc2:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:1.12.1:rc2:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:1.12.2:*:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:1.12.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:1.12.2:rc1:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:1.12.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:1.12.2:rc2:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:1.12.2:rc2:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:1.12.2:rc3:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:1.12.2:rc3:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:1.12.3:*:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:1.12.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:1.12.3:rc1:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:1.12.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:1.12.4:*:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:1.12.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:1.12.4:rc1:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:1.12.4:rc1:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:1.12.5:*:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:1.12.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:1.12.5:rc1:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:1.12.5:rc1:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:1.12.6:*:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:1.12.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:1.13.0:*:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:1.13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:1.13.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:1.13.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:1.13.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:1.13.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:1.13.0:rc3:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:1.13.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:1.13.0:rc4:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:1.13.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:1.13.0:rc5:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:1.13.0:rc5:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:1.13.0:rc6:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:1.13.0:rc6:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:1.13.0:rc7:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:1.13.0:rc7:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:1.13.1:*:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:1.13.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:1.13.1:rc1:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:1.13.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:1.13.1:rc2:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:1.13.1:rc2:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:17.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:17.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:17.03.0:*:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:17.03.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:17.03.0:ce:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:17.03.0:ce:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:17.03.0:ce-rc1:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:17.03.0:ce-rc1:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:17.03.1:*:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:17.03.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:17.03.1:ce:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:17.03.1:ce:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:17.03.1:ce-rc1:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:17.03.1:ce-rc1:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:17.03.2:ce:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:17.03.2:ce:*:*:*:*:*:*
  • cpe:2.3:a:mobyproject:moby:17.03.2:ce-rc1:*:*:*:*:*:*
    cpe:2.3:a:mobyproject:moby:17.03.2:ce-rc1:*:*:*:*:*:*
  • cpe:2.3:a:docker:docker:*:*:*:*:enterprise_edition:*:*:*
    cpe:2.3:a:docker:docker:*:*:*:*:enterprise_edition:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 12-02-2023 - 23:31)
Impact:
Exploitability:
CWE CWE-250
CAPEC
  • Cross Zone Scripting
    An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
  • Target Programs with Elevated Privileges
    This attack targets programs running with elevated privileges. The attacker would try to leverage a bug in the running program and get arbitrary code to execute with elevated privileges. For instance an attacker would look for programs that write to the system directories or registry keys (such as HKLM, which stores a number of critical Windows environment variables). These programs are typically running with elevated privileges and have usually not been designed with security in mind. Such programs are excellent exploit targets because they yield lots of power when they break. The malicious user try to execute its code at the same level as a privileged system call.
  • Expanding Control over the Operating System from the Database
    An attacker is able to leverage access gained to the database to read / write data to the file system, compromise the operating system, create a tunnel for accessing the host machine, and use this access to potentially attack other machines on the same network as the database machine. Traditionally SQL injections attacks are viewed as a way to gain unauthorized read access to the data stored in the database, modify the data in the database, delete the data, etc. However, almost every data base management system (DBMS) system includes facilities that if compromised allow an attacker complete access to the file system, operating system, and full access to the host running the database. The attacker can then use this privileged access to launch subsequent attacks. These facilities include dropping into a command shell, creating user defined functions that can call system level libraries present on the host machine, stored procedures, etc.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
redhat via4
advisories
  • rhsa
    id RHBA-2018:2796
  • rhsa
    id RHSA-2018:2482
  • rhsa
    id RHSA-2018:2729
rpms
  • podman-0:0.9.2-5.git37a2afe.el7_5
  • podman-debuginfo-0:0.9.2-5.git37a2afe.el7_5
  • docker-2:1.13.1-74.git6e3bb8e.el7
  • docker-client-2:1.13.1-74.git6e3bb8e.el7
  • docker-common-2:1.13.1-74.git6e3bb8e.el7
  • docker-debuginfo-2:1.13.1-74.git6e3bb8e.el7
  • docker-logrotate-2:1.13.1-74.git6e3bb8e.el7
  • docker-lvm-plugin-2:1.13.1-74.git6e3bb8e.el7
  • docker-novolume-plugin-2:1.13.1-74.git6e3bb8e.el7
  • docker-rhel-push-plugin-2:1.13.1-74.git6e3bb8e.el7
  • docker-v1.10-migrator-2:1.13.1-74.git6e3bb8e.el7
refmap via4
confirm
suse openSUSE-SU-2019:2021
Last major update 12-02-2023 - 23:31
Published 06-07-2018 - 16:29
Last modified 12-02-2023 - 23:31
Back to Top