NewStart CGSL MAIN 6.06 : docker-ce Multiple Vulnerabilities (NS-SA-2025-0217)

Severity: High. Nessus Plugin ID: 266258

Synopsis

The remote NewStart CGSL host is affected by multiple vulnerabilities.

Description

The remote NewStart CGSL host, running version MAIN 6.06, has docker-ce packages installed that are affected by multiple vulnerabilities:

- runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe. (CVE-2019-5736)

- Lack of content verification in Docker-CE (also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing. (CVE-2017-14992)

- The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a scsi remove-single-device line to /proc/scsi/scsi, aka SCSI MICDROP. (CVE-2017-16539)

- libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument. (CVE-2017-18367)

- The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify the host's hardware, such as enabling/disabling Bluetooth or turning keyboard brightness up/down. (CVE-2018-10892)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the vulnerable CGSL docker-ce packages. Note that updated packages may not be available yet. Please contact ZTE for more information.

See Also

https://security.gd-linux.com/notice/NS-SA-2025-0217

https://security.gd-linux.com/info/CVE-2017-14992

https://security.gd-linux.com/info/CVE-2017-16539

https://security.gd-linux.com/info/CVE-2017-18367

https://security.gd-linux.com/info/CVE-2018-10892

https://security.gd-linux.com/info/CVE-2018-12608

https://security.gd-linux.com/info/CVE-2018-15664

https://security.gd-linux.com/info/CVE-2018-20699

https://security.gd-linux.com/info/CVE-2019-13139

https://security.gd-linux.com/info/CVE-2019-13509

https://security.gd-linux.com/info/CVE-2019-5736

https://security.gd-linux.com/info/CVE-2020-13401

https://security.gd-linux.com/info/CVE-2020-28362

https://security.gd-linux.com/info/CVE-2021-21284

https://security.gd-linux.com/info/CVE-2021-21285

https://security.gd-linux.com/info/CVE-2021-41089

https://security.gd-linux.com/info/CVE-2021-41091

Plugin Details

Severity: High

ID: 266258

File Name: newstart_cgsl_NS-SA-2025-0217_docker-ce.nasl

Version: 1.1

Type: local

Published: 9/30/2025

Updated: 9/30/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2019-5736

CVSS v3

Risk Factor: High

Base Score: 8.6

Temporal Score: 8.2

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:zte:cgsl_main:6, p-cpe:/a:zte:cgsl_main:docker-ce

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/ZTE-CGSL/release, Host/ZTE-CGSL/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/30/2025

Vulnerability Publication Date: 11/1/2017

Reference Information

CVE: CVE-2017-14992, CVE-2017-16539, CVE-2017-18367, CVE-2018-10892, CVE-2018-12608, CVE-2018-15664, CVE-2018-20699, CVE-2019-13139, CVE-2019-13509, CVE-2019-5736, CVE-2020-13401, CVE-2020-28362, CVE-2021-21284, CVE-2021-21285, CVE-2021-41089, CVE-2021-41091