Discover Centmin Mod today
Register Now

Security Unpatched Flaw Affects All Docker Versions (time-to-check-time-to-use (TOCTOU))

Discussion in 'All Internet & Web Performance News' started by eva2000, May 30, 2019.

Tags:
  1. eva2000

    eva2000 Administrator Staff Member

    47,461
    10,759
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,715
    Local Time:
    12:36 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    A time-to-check-time-to-use (TOCTOU) attack affects all Docker versions and could give an attacker both read and write access to any file on the host system !

    From oss-sec: CVE-2018-15664: docker (all versions) is vulnerable to a symlink-race attack