Docker Engine before 19.03.11 Improper Input Validation Vulnerability

Summary

In the Docker default configuration, the container network interface is a virtual ethernet link going to the host (veth interface). In this configuration, an attacker able to run a process as root in a container can send and receive arbitrary packets to the host using the CAP_NET_RAW capability (present in the default configuration).

Credit:

The information has been provided by Joel Smith

The original article can be found at:https://docs.docker.com/engine/release-notes/


Details

An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service.

 

Vulnerable Systems:

Docker Engine before 19.03.11

 

CVE Information:

CVE-2020-13401

Disclosure Timeline:
Published Date:6/2/2020

Categories: FeaturedNews