CVE-2018-10892
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: LOW
Availability impact: NONE

Summary
The default OCI Linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify the host's hardware, for example by enabling or disabling Bluetooth or turning keyboard brightness up or down.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Application | Mobyproject | 45 |
Application | | 1 |
OS | | 2 |
OS | | 2 |
Nessus
- NASL family: Amazon Linux Local Security Checks
- NASL id: ALA_ALAS-2018-1071.NASL
- description: The default OCI Linux spec in oci/defaults{_linux}.go in Docker/Moby, from 1.11 to current, does not block /proc/acpi pathnames. The flaw allows an attacker to modify host
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 117343
- published: 2018-09-07
- reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/117343
- title: Amazon Linux AMI : docker (ALAS-2018-1071)
- code:

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2018-1071.
#

include("compat.inc");

if (description)
{
  script_id(117343);
  script_version("1.1");
  script_cvs_date("Date: 2018/09/07 17:03:10");

  script_cve_id("CVE-2018-10892");
  script_xref(name:"ALAS", value:"2018-1071");

  script_name(english:"Amazon Linux AMI : docker (ALAS-2018-1071)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value: "The default OCI Linux spec in oci/defaults{_linux}.go in Docker/Moby, from 1.11 to current, does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling Bluetooth or turning up/down keyboard brightness.(CVE-2018-10892)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2018-1071.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Run 'yum update docker' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:docker");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:docker-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/09/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/09/07");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (rpm_check(release:"ALA", cpu:"x86_64", reference:"docker-18.06.1ce-2.16.amzn1")) flag++;
if (rpm_check(release:"ALA", cpu:"x86_64", reference:"docker-debuginfo-18.06.1ce-2.16.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "docker / docker-debuginfo");
}
```

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_SU-2019-2117-1.NASL
- description: This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues : Docker : CVE-2019-14271: Fixed a code injection if the nsswitch facility dynamically loaded a library inside a chroot (bsc#1143409). CVE-2019-13509: Fixed an information leak in the debug log (bsc#1142160). Update to version 19.03.1-ce, see changelog at /usr/share/doc/packages/docker/CHANGELOG.md (bsc#1142413, bsc#1139649). runc: Use %config(noreplace) for /etc/docker/daemon.json (bsc#1138920). Update to runc 425e105d5a03, which is required by Docker (bsc#1139649). containerd: CVE-2019-5736: Fixed a container breakout vulnerability (bsc#1121967). Update to containerd v1.2.6, which is required by docker (bsc#1139649). golang-github-docker-libnetwork: Update to version git.fc5a7d91d54cc98f64fc28f9e288b46a0bee756c, which is required by docker (bsc#1142413, bsc#1139649). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 127884
- published: 2019-08-14
- reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/127884
- title: SUSE SLED15 / SLES15 Security Update : containerd, docker, docker-runc, golang-github-docker-libnetwork (SUSE-SU-2019:2117-1)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2018-28F30EFAF6.NASL
- description: Update to latest version. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-05
- modified: 2019-01-03
- plugin id: 120308
- published: 2019-01-03
- reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/120308
- title: Fedora 28 : 2:cri-o (2018-28f30efaf6)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2019-723711C645.NASL
- description: - Resolves: #1666565, #1667625 - CVE-2018-20699 - Resolves: #1663068, #1667626 - umount all procfs and sysfs with --no-pivot - built docker @projectatomic/docker-1.13.1 commit 1185cfd - built docker-runc @projectatomic/docker-1.13.1 commit e4ffe43 ---- Resolves: #1598581, #1598582 - CVE-2018-10892 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-03-17
- modified: 2019-01-31
- plugin id: 121488
- published: 2019-01-31
- reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/121488
- title: Fedora 28 : 2:docker-latest (2019-723711c645)

- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2018-2482.NASL
- description: An update for docker is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Docker is an open source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that runs virtually anywhere. Security Fix(es) : * docker: container breakout without selinux in enforcing mode (CVE-2018-10892) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. This issue was discovered by Antonio Murdaca (Red Hat). Bug Fix(es) : * Previously, the `dontaudit` and `allow` SELinux rules were missing, so the kernel raised a SELinux AVC message. Consequently, some commands did not work as expected. This update adds the missing rules, and the commands now run successfully. (BZ#1550967) * Previously, during a restart the container daemon did not restore the state of a container correctly if an exec
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 111805
- published: 2018-08-17
- reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/111805
- title: RHEL 7 : docker (RHSA-2018:2482)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2018-6243646704.NASL
- description: Latest release Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-05
- modified: 2019-01-03
- plugin id: 120472
- published: 2019-01-03
- reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/120472
- title: Fedora 28 : podman (2018-6243646704)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2018-9695E9B0ED.NASL
- description: Resolves: #1598581, #1598583 - CVE-2018-10892 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-05
- modified: 2019-01-03
- plugin id: 120633
- published: 2019-01-03
- reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/120633
- title: Fedora 28 : 2:docker (2018-9695e9b0ed)

- NASL family: SuSE Local Security Checks
- NASL id: OPENSUSE-2019-2021.NASL
- description: This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues : Docker : - CVE-2019-14271: Fixed a code injection if the nsswitch facility dynamically loaded a library inside a chroot (bsc#1143409). - CVE-2019-13509: Fixed an information leak in the debug log (bsc#1142160). - Update to version 19.03.1-ce, see changelog at /usr/share/doc/packages/docker/CHANGELOG.md (bsc#1142413, bsc#1139649). runc : - Use %config(noreplace) for /etc/docker/daemon.json (bsc#1138920). - Update to runc 425e105d5a03, which is required by Docker (bsc#1139649). containerd : - CVE-2019-5736: Fixed a container breakout vulnerability (bsc#1121967). - Update to containerd v1.2.6, which is required by docker (bsc#1139649). golang-github-docker-libnetwork : - Update to version git.fc5a7d91d54cc98f64fc28f9e288b46a0bee756c, which is required by docker (bsc#1142413, bsc#1139649). This update was imported from the SUSE:SLE-15:Update update project.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 128409
- published: 2019-08-30
- reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/128409
- title: openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-2021)
References
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html
- https://access.redhat.com/errata/RHBA-2018:2796
- https://access.redhat.com/errata/RHSA-2018:2482
- https://access.redhat.com/errata/RHSA-2018:2729
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10892
- https://github.com/moby/moby/pull/37404