
Security Unpatched Flaw Affects All Docker Versions (time-to-check-time-to-use (TOCTOU))

Discussion in 'All Internet & Web Performance News' started by eva2000, May 30, 2019.

  1. eva2000

    eva2000 Administrator Staff Member

    A time-to-check-time-to-use (TOCTOU) attack affects all Docker versions and could give an attacker both read and write access to any file on the host system!

    From oss-sec: CVE-2018-15664: docker (all versions) is vulnerable to a symlink-race attack