Bug 1063549 (CVE-2014-0047) - CVE-2014-0047 Docker: multiple temporary file creation vulnerabilities
Summary: CVE-2014-0047 Docker: multiple temporary file creation vulnerabilities
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: CVE-2014-0047
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1063553
Blocks: 1063551
TreeView+ depends on / blocked
 
Reported: 2014-02-11 01:24 UTC by Kurt Seifried
Modified: 2019-09-29 13:13 UTC (History)
11 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-03-24 05:19:04 UTC
Embargoed:


Attachments (Terms of Use)

Description Kurt Seifried 2014-02-11 01:24:50 UTC
Kurt Seifried of the Red Hat Security Response Team reports:

A number of unsafe uses of /tmp, ranging from actual code to test code and
documentation exmaples. In general many are due to unsafe use in bash scripts, 
and can be fixed by using mktemp() correctly. There is also at least one Ruby 
one (the Vagrant file) and several go scripts that use bash command lines 
unsafely.

Comment 2 Trevor Jay 2015-03-24 05:19:04 UTC
Under 1.5, I deleted /tmp, started the docker service, pulled an image, and started a container with no mishaps or creation of /tmp.


Note You need to log in before you can comment on or make changes to this bug.