CVE-2018-15664 (retired)

Priority
Description
In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp'
command are vulnerable to a symlink-exchange attack with Directory
Traversal, giving attackers arbitrary read-write access to the host
filesystem with root privileges, because daemon/archive.go does not do
archive operations on a frozen filesystem (or from within a chroot).
Notes
 mdeslaur> initial commits caused a regression which then got fixed, see
 mdeslaur> upstream bug
Package
Upstream: released (18.09.07)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (18.09.7-0ubuntu1~16.04.4)
Ubuntu 18.04 LTS (Bionic Beaver): released (18.09.7-0ubuntu1~18.04.3)
Ubuntu 18.10 (Cosmic Cuttlefish): released (18.09.7-0ubuntu1~18.10.3)
Ubuntu 19.04 (Disco Dingo): released (18.09.7-0ubuntu1~19.04.4)
Ubuntu 19.10 (Eoan): not-affected (18.09.7-0ubuntu1)
Patches:
Upstream: https://github.com/moby/moby/commit/d089b639372a8f9301747ea56eaf0a42df24016a
Upstream: https://github.com/moby/moby/commit/3029e765e241ea2b5249868705dbf9095bc4d529
Upstream: https://github.com/moby/moby/commit/fb5fe241b5931c7031fc4aa2ad4ca61159888df1
Other: https://github.com/moby/moby/pull/39292
More Information

Updated: 2019-07-15 17:15:02 UTC (commit e7ec88eb7fc890b454a775805b924a9028d6a3c3)