Welcome to Centmin Mod Community
Become a Member

Security Unpatched Flaw Affects All Docker Versions (time-to-check-time-to-use (TOCTOU))

Discussion in 'All Internet & Web Performance News' started by eva2000, May 30, 2019.

Tags:
  1. eva2000

    eva2000 Administrator Staff Member

    51,210
    11,898
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,372
    Local Time:
    3:23 PM
    Nginx 1.25.x
    MariaDB 10.x
    A time-to-check-time-to-use (TOCTOU) attack affects all Docker versions and could give an attacker both read and write access to any file on the host system !

    From oss-sec: CVE-2018-15664: docker (all versions) is vulnerable to a symlink-race attack