Debian update for docker.io



Published: 2019-09-10 | Updated: 2023-03-16
Risk Medium
Patch available YES
Number of vulnerabilities 3
CVE-ID CVE-2019-13139
CVE-2019-13509
CVE-2019-14271
CWE-ID CWE-77
CWE-532
CWE-427
Exploitation vector Local
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #3 is available.
Vulnerable software
Subscribe 		docker.io (Debian package)
Operating systems & Components / Operating system package or component

Vendor Debian

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Command Injection

EUVDB-ID: #VU20954

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-13139

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a local attacker to inject and execute arbitrary commands on the target system.

The vulnerability exists due to the affected software misinterprets the "git ref" command as a flag. A local authenticated user who is able to execute the "docker build" command and has control over the build path can inject and execute arbitrary commands on the target system.

Mitigation

Update the affected package to version: 18.09.1+dfsg1-7.1+deb10u1.

Vulnerable software versions

docker.io (Debian package): 18.09.1+dfsg1-7.1

External links

http://www.debian.org/security/2019/dsa-4521


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Inclusion of Sensitive Information in Log Files

EUVDB-ID: #VU19390

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-13509

CWE-ID: CWE-532 - Information Exposure Through Log Files

Exploit availability: No

Description

The vulnerability allows a local attacker to access sensitive information on a targeted system.

The vulnerability exists due to the software can add secrets to the debug log when the "docker stack deploy" command is used while running in debug mode to redeploy a stack which includes non-external secrets. A local authenticated attacker can gain access to sensitive information, such as secrets in the log files on a targeted system.

Mitigation

Update the affected package to version: 18.09.1+dfsg1-7.1+deb10u1.

Vulnerable software versions

docker.io (Debian package): 18.09.1+dfsg1-7.1

External links

http://www.debian.org/security/2019/dsa-4521


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Insecure dynamic library loading

EUVDB-ID: #VU20969

Risk: Medium

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-14271

CWE-ID: CWE-427 - Uncontrolled Search Path Element

Exploit availability: Yes

Description

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to the application loads NSS libraries in docker cp in an insecure manner. A local attacker can pass a specially crafted library file to the application and execute arbitrary code on the system with elevated privileges.

Mitigation

Update the affected package to version: 18.09.1+dfsg1-7.1+deb10u1.

Vulnerable software versions

docker.io (Debian package): 18.09.1+dfsg1-7.1

External links

http://www.debian.org/security/2019/dsa-4521


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###