CVE-2016-3697

Published: 01 June 2016

libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.
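The ambiguity described above, as an added example (a simplified model, not runC's source code): a user spec of `1000` is resolved once with login names tried first and once with all-digit specs treated strictly as UIDs. The function names and the sample passwd content are constructed for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Constructed sample: a container's passwd file with one all-numeric login name.
const samplePasswd = "root:x:0:0:root:/root:/bin/sh\n" +
	"1000:x:0:0:numeric name:/root:/bin/sh\n" +
	"app:x:1001:1001:app:/home/app:/bin/sh\n"

// parsePasswd maps login name to UID; malformed lines are skipped.
func parsePasswd(data string) map[string]int {
	db := map[string]int{}
	for _, line := range strings.Split(data, "\n") {
		if f := strings.Split(line, ":"); len(f) >= 3 {
			if uid, err := strconv.Atoi(f[2]); err == nil {
				db[f[0]] = uid
			}
		}
	}
	return db
}

// resolveAmbiguous models the flaw (simplified): an all-digit spec is tried as a name first.
func resolveAmbiguous(spec string, db map[string]int) (int, error) {
	if uid, ok := db[spec]; ok {
		return uid, nil
	}
	return strconv.Atoi(spec)
}

// resolveStrict treats an all-digit spec as a UID only, never as a login name.
func resolveStrict(spec string, db map[string]int) (int, error) {
	if uid, err := strconv.Atoi(spec); err == nil {
		return uid, nil
	}
	if uid, ok := db[spec]; ok {
		return uid, nil
	}
	return 0, fmt.Errorf("unknown user %q", spec)
}

func main() {
	db := parsePasswd(samplePasswd)
	fmt.Println(resolveAmbiguous("1000", db)) // name "1000" matches, UID 0
	fmt.Println(resolveStrict("1000", db))    // numeric spec stays UID 1000
}
```

The same strict rule doubles as an image audit: any passwd entry whose login name parses as an integer is worth flagging before the image is run.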

Priority

Medium

CVSS 3 base score: 7.8

Status

| Package | Release | Status |
|---|---|---|
| docker.io (Launchpad, Ubuntu, Debian) | Upstream | Needs triage |
| docker.io | Ubuntu 16.04 ESM (Xenial Xerus) | Not vulnerable |
| docker.io | Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist (trusty was not-affected) |
| runc (Launchpad, Ubuntu, Debian) | Upstream | Released (0.1.0+dfsg-1) |
| runc | Ubuntu 16.04 ESM (Xenial Xerus) | Not vulnerable (1.0.0~rc2+docker1.12.6-0ubuntu1~16.04.1) |
| runc | Ubuntu 14.04 ESM (Trusty Tahr) | Does not exist |