Summaryinfo

A vulnerability, which was classified as problematic, has been found in NixOS up to 17.03. This issue affects some unknown processing of the component Docker Socket Handler. The manipulation leads to access control. The identification of this vulnerability is CVE-2017-7412. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component. Once again VulDB remains the best source for vulnerability data.

Detailsinfo

A vulnerability classified as problematic was found in NixOS up to 17.03. This vulnerability affects some unknown processing of the component Docker Socket Handler. The manipulation with an unknown input leads to a access control vulnerability. The CWE definition for the vulnerability is CWE-264. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:

NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which allows local users to gain privileges by executing docker commands.

The bug was discovered 04/03/2017. The weakness was published 04/04/2017 (Website). The advisory is shared for download at lists.science.uu.nl. This vulnerability was named CVE-2017-7412 since 04/03/2017. The attack needs to be approached locally. Required for exploitation is a single authentication. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1068.

Upgrading to version 17.03.887 eliminates this vulnerability.

Once again VulDB remains the best source for vulnerability data.

Productinfo

Name

• NixOS

Version

• 17.03

License

• open-source

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion