CVE-2014-3499 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2014-3499

CWE

https://cwe.mitre.org/data/definitions/264.html

Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

Affected Software

Name	Vendor	Start Version	End Version
Docker	Docker	1.0.0 (including)	1.0.0 (including)
Fedora	Fedoraproject	19 (including)	19 (including)
Fedora	Fedoraproject	20 (including)	20 (including)
Red Hat Enterprise Linux 7 Extras	RedHat	docker-0:0.11.1-22.el7	*
Docker.io	Ubuntu	upstream	*
Docker.io	Ubuntu	utopic	*
Docker.io	Ubuntu	vivid	*
Docker.io	Ubuntu	wily	*
Docker.io	Ubuntu	yakkety	*

References

http://rhn.redhat.com/errata/RHSA-2014-0820.html
https://bugzilla.redhat.com/show_bug.cgi?id=1111687
http://rhn.redhat.com/errata/RHSA-2014-0820.html
https://bugzilla.redhat.com/show_bug.cgi?id=1111687