VYPR
← All advisories
High severityNVD Advisory· Published Jul 11, 2014· Updated May 6, 2026

CVE-2014-3499

CVE-2014-3499

Description

Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/docker/dockerGo
< 1.0.11.0.1

Affected products

3
  • Docker/Docker
    cpe:2.3:a:docker:docker:1.0.0:*:*:*:*:*:*:*
  • Fedoraproject/Fedora2 versions
    cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
    • cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*

Patches

1
707ef9618b3b

Update close fd issues for lxc

https://github.com/docker/dockerMichael CrosbyJun 19, 2014via ghsa
commit
2 files changed · +9 7
  • daemon/execdriver/lxc/driver.go+0 7 modified
    @@ -19,7 +19,6 @@ import (
 	"github.com/docker/libcontainer/label"
 	"github.com/docker/libcontainer/mount/nodes"
 	"github.com/dotcloud/docker/daemon/execdriver"
-	"github.com/dotcloud/docker/pkg/system"
 	"github.com/dotcloud/docker/utils"
 )
 
@@ -37,12 +36,6 @@ func init() {
 		if err := setupNetworking(args); err != nil {
 			return err
 		}
-		if err := setupWorkingDirectory(args); err != nil {
-			return err
-		}
-		if err := system.CloseFdsFrom(3); err != nil {
-			return err
-		}
 		if err := finalizeNamespace(args); err != nil {
 			return err
 		}
  • daemon/execdriver/lxc/lxc_init_linux.go+9 0 modified
    @@ -8,6 +8,7 @@ import (
 
 	"github.com/docker/libcontainer/namespaces"
 	"github.com/docker/libcontainer/security/capabilities"
+	"github.com/docker/libcontainer/utils"
 	"github.com/dotcloud/docker/daemon/execdriver"
 	"github.com/dotcloud/docker/daemon/execdriver/native/template"
 	"github.com/dotcloud/docker/pkg/system"
@@ -18,6 +19,10 @@ func setHostname(hostname string) error {
 }
 
 func finalizeNamespace(args *execdriver.InitArgs) error {
+	if err := utils.CloseExecFrom(3); err != nil {
+		return err
+	}
+
 	// We use the native drivers default template so that things like caps are consistent
 	// across both drivers
 	container := template.New()
@@ -49,5 +54,9 @@ func finalizeNamespace(args *execdriver.InitArgs) error {
 		}
 	}
 
+	if err := setupWorkingDirectory(args); err != nil {
+		return err
+	}
+
 	return nil
 }

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

7

News mentions

0

No linked articles in our index yet.