Test Kennung:	1.3.6.1.4.1.25623.1.0.107338
Kategorie:	Privilege escalation
Titel:	Docker for Windows Privilege Escalation Vulnerability
Zusammenfassung:	Docker for Windows is prone to a privilege escalation; vulnerability.
Beschreibung:	Summary: Docker for Windows is prone to a privilege escalation vulnerability. Vulnerability Insight: HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the '\\.\pipe\dockerBackend' named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in the 'docker-users' group (who may not otherwise have administrator access) to escalate to administrator privileges. Affected Software/OS: Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable). Solution: Update to version 18.06.0-ce-rc3-win68 (edge) respectively 18.06.0-ce-win72 (stable) or later. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2018-15514 BugTraq ID: 105202 http://www.securityfocus.com/bid/105202 https://docs.docker.com/docker-for-windows/edge-release-notes/ https://docs.docker.com/docker-for-windows/release-notes/ https://srcincite.io/blog/2018/08/31/you-cant-contain-me-analyzing-and-exploiting-an-elevation-of-privilege-in-docker-for-windows.html
Copyright	Copyright (C) 2018 Greenbone Networks GmbH

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.