Name | CVE-2016-6349 |
Description | The machinectl command in oci-register-machine allows local users to list running containers and possibly obtain sensitive information by running that command. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
NOT-FOR-US: oci-register-machine
https://www.openwall.com/lists/oss-security/2016/07/26/5
Requirement is that docker containers register themselves with
systemd-machined via oci-register-machine (not packaged in Debian,
and https://github.com/projectatomic/docker/commit/a307e90141ba31b378bc31bb7720ed141f47cd9b
is not applied to docker.io).
https://github.com/systemd/systemd/issues/3815
The problem also only arises with the docker fork in Red Hat, not with upstream docker
https://github.com/projectatomic/oci-register-machine/pull/22