Vulnerabilities > CVE-2014-5277 - Code vulnerability in Docker
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-0776.NASL description Updated docker packages that fix one security issue are now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Docker is a service providing container management on Linux. It was found that the fix for the CVE-2014-5277 issue was incomplete: the docker client could under certain circumstances erroneously fall back to HTTP when an HTTPS connection to a registry failed. This could allow a man-in-the-middle attacker to obtain authentication and image data from traffic sent from a client to the registry. (CVE-2015-1843) Red Hat would like to thank Eric Windisch of Docker Inc. for reporting this issue. All docker users are advised to upgrade to these updated packages, which correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 82564 published 2015-04-03 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82564 title RHEL 7 : docker (RHSA-2015:0776) NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-660.NASL description Docker was updated to version 1.3.1 to fix two security issues and several other bugs. These security issues were fixed : - Prevent fallback to SSL protocols lower than TLS 1.0 for client, daemon and registry (CVE-2014-5277). - Secure HTTPS connection to registries with certificate verification and without HTTP fallback unless `--insecure-registry` is specified. These non-security issues were fixed : - Fix issue where volumes would not be shared - Fix issue with `--iptables=false` not automatically setting `--ip-masq=false` - Fix docker run output to non-TTY stdout - Fix escaping `$` for environment variables - Fix issue with lowercase `onbuild` Dockerfile instruction - Restrict envrionment variable expansion to `ENV`, `ADD`, `COPY`, `WORKDIR`, `EXPOSE`, `VOLUME` and `USER` - docker `exec` allows you to run additional processes inside existing containers - docker `create` gives you the ability to create a container via the cli without executing a process - `--security-opts` options to allow user to customize container labels and apparmor profiles - docker `ps` filters - Wildcard support to copy/add - Move production urls to get.docker.com from get.docker.io - Allocate ip address on the bridge inside a valid cidr - Use drone.io for pr and ci testing - Ability to setup an official registry mirror - Ability to save multiple images with docker `save` go was updated to version 1.3.3 to fix one security issue and several other bugs. This security issue was fixed : - TLS client authentication issue (CVE-2014-7189). These non-security issues were fixed : - Avoid stripping debuginfo on arm, it fails (and is not necessary) - Revert the /usr/share/go/contrib symlink as it caused problems during update. Moved all go sources to /usr/share/go/contrib/src instead of /usr/share/go/contrib/src/pkg and created pkg and src symlinks in contrib to add it to GOPATH - Fixed %go_contribsrcdir value - Copy temporary macros.go as go.macros to avoid it to be built - Do not modify Source: files, because that makes the .src.rpm being tied to one specific arch. - Removed extra src folder in /usr/share/go/contrib: the goal is to transform this folder into a proper entry for GOPATH. This folder is now linked to %(_libdir)/go/contrib - go requires gcc to build sources using cgo - tools-packaging.patch: Allow building cover and vet tools in $GOROOT_TARGET/pkg/tool instead of $GOROOT/pkg/tool. This will allow building go tools as a separate package last seen 2020-06-05 modified 2014-11-14 plugin id 79241 published 2014-11-14 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79241 title openSUSE Security Update : docker / go (openSUSE-SU-2014:1411-1)