Docker×ÊÔ´ÖÎÀí¹ýʧÎó²îΣº¦Í¨¸æ
Ðû²¼Ê±¼ä 2019-12-24Îó²î±àºÅºÍ¼¶±ð
CVE±àºÅ£ºCVE-2019-17150£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.8£¬£¬£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨
Ó°Ïì°æ±¾
Docker < 0.6.3
Îó²î¸ÅÊö
DockerÊÇÃÀ¹úDocker¹«Ë¾µÄÒ»¿î¿ªÔ´µÄÓ¦ÓÃÈÝÆ÷ÒýÇæ¡£¡£¡£¡£¡£¡£¸Ã²úÆ·Ö§³ÖÔÚLinuxϵͳÉϽ¨ÉèÒ»¸öÈÝÆ÷£¨ÇáÁ¿¼¶ÐéÄâ»ú£©²¢°²ÅźÍÔËÐÐÓ¦ÓóÌÐò£¬£¬£¬£¬£¬£¬£¬ÒÔ¼°Í¨¹ýÉèÖÃÎļþʵÏÖÓ¦ÓóÌÐòµÄ×Ô¶¯»¯×°Öᢰ²ÅźÍÉý¼¶¡£¡£¡£¡£¡£¡£
DockerÖеÄdocker-credential-secretservice±£´æ×ÊÔ´ÖÎÀí¹ýʧÎó²î£¬£¬£¬£¬£¬£¬£¬¸ÃÎó²îÔ´ÓÚ³ÌÐòÔÚ¶Ô¹¤¾ß¾ÙÐÐÊͷŲÙ×÷֮ǰ£¬£¬£¬£¬£¬£¬£¬Ã»Óмì²é¸Ã¹¤¾ßÊÇ·ñ±£´æ¡£¡£¡£¡£¡£¡£¹¥»÷Õß¿ÉʹÓøÃÎó²îÌáÉýȨÏÞ²¢Ö´ÐдúÂë¡£¡£¡£¡£¡£¡£
Îó²îÑéÖ¤
ÔÝÎÞPOC/EXP¡£¡£¡£¡£¡£¡£
ÐÞ¸´½¨Òé
ÏÖÔÚ³§ÉÌÒÑÐû²¼Éý¼¶²¹¶¡ÒÔÐÞ¸´Îó²î£¬£¬£¬£¬£¬£¬£¬ÏêÇéÇë¹Ø×¢³§ÉÌÖ÷Ò³£º
https://www.docker.com/¡£¡£¡£¡£¡£¡£
²Î¿¼Á´½Ó
https://www.zerodayinitiative.com/advisories/ZDI-19-1030/