
Security Unpatched Flaw Affects All Docker Versions (time-to-check-time-to-use (TOCTOU))

Discussion in 'All Internet & Web Performance News' started by eva2000, May 30, 2019.

  1. eva2000

    eva2000 Administrator Staff Member

    A time-to-check-time-to-use (TOCTOU) attack affects all Docker versions and could give an attacker both read and write access to any file on the host system!

    From oss-sec: CVE-2018-15664: docker (all versions) is vulnerable to a symlink-race attack