CVE-2016-0761 - Vulnerability Details

Vendors	Products
Cloudfoundry	Garden Linux
Pivotal Software	Cloud Foundry Elastic Runtime

Link	Providers
https://pivotal.io/security/cve-2016-0761

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Cloud Foundry", "vendor": "Pivotal", "versions": [{"status": "affected", "version": "Garden-Linux versions prior to v0.333.0"}, {"status": "affected", "version": "Elastic Runtime 1.6.x version prior to 1.6.17."}]}], "datePublic": "2016-02-26T00:00:00", "descriptions": [{"lang": "en", "value": "Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contain a flaw in managing container files during Docker image preparation that could be used to delete, corrupt or overwrite host files and directories, including other container filesystems on the host."}], "problemTypes": [{"descriptions": [{"description": "File corruption", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-05-25T16:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://pivotal.io/security/cve-2016-0761"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2016-0761", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cloud Foundry", "version": {"version_data": [{"version_value": "Garden-Linux versions prior to v0.333.0"}, {"version_value": "Elastic Runtime 1.6.x version prior to 1.6.17."}]}}]}, "vendor_name": "Pivotal"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contain a flaw in managing container files during Docker image preparation that could be used to delete, corrupt or overwrite host files and directories, including other container filesystems on the host."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "File corruption"}]}]}, "references": {"reference_data": [{"name": "https://pivotal.io/security/cve-2016-0761", "refsource": "CONFIRM", "url": "https://pivotal.io/security/cve-2016-0761"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T22:30:04.112Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://pivotal.io/security/cve-2016-0761"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2016-0761", "datePublished": "2017-05-25T17:00:00", "dateReserved": "2015-12-16T00:00:00", "dateUpdated": "2024-08-05T22:30:04.112Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Cloud Foundry (string)

vendor : Pivotal (string)

versions : [ »

0 : { »

status : affected (string)

version : Garden-Linux versions prior to v0.333.0 (string)

}

1 : { »

status : affected (string)

version : Elastic Runtime 1.6.x version prior to 1.6.17. (string)

}

]

}

]

datePublic : 2016-02-26T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contain a flaw in managing container files during Docker image preparation that could be used to delete, corrupt or overwrite host files and directories, including other container filesystems on the host. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : File corruption (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-05-25T16:57:01 (string)

orgId : c550e75a-17ff-4988-97f0-544cde3820fe (string)

shortName : dell (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://pivotal.io/security/cve-2016-0761 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security_alert@emc.com (string)

ID : CVE-2016-0761 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Cloud Foundry (string)

version : { »

version_data : [ »

0 : { »

version_value : Garden-Linux versions prior to v0.333.0 (string)

}

1 : { »

version_value : Elastic Runtime 1.6.x version prior to 1.6.17. (string)

}

]

}

]

}

vendor_name : Pivotal (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contain a flaw in managing container files during Docker image preparation that could be used to delete, corrupt or overwrite host files and directories, including other container filesystems on the host. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : File corruption (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://pivotal.io/security/cve-2016-0761 (string)

refsource : CONFIRM (string)

url : https://pivotal.io/security/cve-2016-0761 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T22:30:04.112Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://pivotal.io/security/cve-2016-0761 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : c550e75a-17ff-4988-97f0-544cde3820fe (string)

assignerShortName : dell (string)

cveId : CVE-2016-0761 (string)

datePublished : 2017-05-25T17:00:00 (string)

dateReserved : 2015-12-16T00:00:00 (string)

dateUpdated : 2024-08-05T22:30:04.112Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cloudfoundry:garden_linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "4924F19F-491B-4CD8-936F-8E1984899580", "versionEndIncluding": "0.332.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CC5918-BC38-46E3-8000-5FE87A65C0E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "36926681-35F4-4619-9613-155DEEEA3C8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "41FF3C2B-E96F-4DF7-A5C4-703206CB729E", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "F9CB3C2D-3080-4A3D-8D8D-1381B5D98920", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "782781EB-147C-4B00-84C5-1D8443BFA2D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "35A56755-EEB2-4C93-B180-3918A36965AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "E4009F10-08AF-470B-B903-38B8A6DBF332", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "2B2E8F04-53E6-4A3C-BE4B-8D0DDA22CA8C", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "790DAB24-893A-463F-8358-171DACD75074", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "3645A1A8-4945-447F-A968-101D5938F9C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "0E52C9B9-8F94-48D8-ADA6-96918F6AAD36", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "3948FC2F-AF3B-4AF3-968D-F124D03A213A", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "4BA44F9B-97D5-48C0-91E9-6D3FEC8B7773", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.13:*:*:*:*:*:*:*", "matchCriteriaId": "7B414F88-6541-48C6-B9D6-4DDA035A0037", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.14:*:*:*:*:*:*:*", "matchCriteriaId": "66235C7F-D5EE-4989-8D24-6D0781954234", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.15:*:*:*:*:*:*:*", "matchCriteriaId": "12E75B49-2419-4313-A648-B5283DA620E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.16:*:*:*:*:*:*:*", "matchCriteriaId": "EED70273-3FB2-4652-9AA2-10E2E9D581DE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contain a flaw in managing container files during Docker image preparation that could be used to delete, corrupt or overwrite host files and directories, including other container filesystems on the host."}, {"lang": "es", "value": "Garden-Linux versiones anteriores a v0.333.0 y Elastic Runtime versiones 1.6.x anteriores a 1.6.17 de Cloud Foundry, contienen un fallo en la administraci\u00f3n de archivos de contenedor durante la preparaci\u00f3n de la imagen Docker que se podr\u00eda usar para eliminar, corromper o sobrescribir archivos y directorios del host, incluyendo otros sistemas de archivos de contenedor en el host."}], "id": "CVE-2016-0761", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-25T17:29:00.490", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://pivotal.io/security/cve-2016-0761"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://pivotal.io/security/cve-2016-0761"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-19"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:cloudfoundry:garden_linux:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 4924F19F-491B-4CD8-936F-8E1984899580 (string)

versionEndIncluding : 0.332.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.0:*:*:*:*:*:*:* (string)

matchCriteriaId : F4CC5918-BC38-46E3-8000-5FE87A65C0E7 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 36926681-35F4-4619-9613-155DEEEA3C8F (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 41FF3C2B-E96F-4DF7-A5C4-703206CB729E (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.3:*:*:*:*:*:*:* (string)

matchCriteriaId : F9CB3C2D-3080-4A3D-8D8D-1381B5D98920 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 782781EB-147C-4B00-84C5-1D8443BFA2D6 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 35A56755-EEB2-4C93-B180-3918A36965AA (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.6:*:*:*:*:*:*:* (string)

matchCriteriaId : E4009F10-08AF-470B-B903-38B8A6DBF332 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.7:*:*:*:*:*:*:* (string)

matchCriteriaId : 2B2E8F04-53E6-4A3C-BE4B-8D0DDA22CA8C (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.8:*:*:*:*:*:*:* (string)

matchCriteriaId : 790DAB24-893A-463F-8358-171DACD75074 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.9:*:*:*:*:*:*:* (string)

matchCriteriaId : 3645A1A8-4945-447F-A968-101D5938F9C8 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.10:*:*:*:*:*:*:* (string)

matchCriteriaId : 0E52C9B9-8F94-48D8-ADA6-96918F6AAD36 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.11:*:*:*:*:*:*:* (string)

matchCriteriaId : 3948FC2F-AF3B-4AF3-968D-F124D03A213A (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.12:*:*:*:*:*:*:* (string)

matchCriteriaId : 4BA44F9B-97D5-48C0-91E9-6D3FEC8B7773 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.13:*:*:*:*:*:*:* (string)

matchCriteriaId : 7B414F88-6541-48C6-B9D6-4DDA035A0037 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.14:*:*:*:*:*:*:* (string)

matchCriteriaId : 66235C7F-D5EE-4989-8D24-6D0781954234 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.15:*:*:*:*:*:*:* (string)

matchCriteriaId : 12E75B49-2419-4313-A648-B5283DA620E7 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.16:*:*:*:*:*:*:* (string)

matchCriteriaId : EED70273-3FB2-4652-9AA2-10E2E9D581DE (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contain a flaw in managing container files during Docker image preparation that could be used to delete, corrupt or overwrite host files and directories, including other container filesystems on the host. (string)

}

1 : { »

lang : es (string)

value : Garden-Linux versiones anteriores a v0.333.0 y Elastic Runtime versiones 1.6.x anteriores a 1.6.17 de Cloud Foundry, contienen un fallo en la administración de archivos de contenedor durante la preparación de la imagen Docker que se podría usar para eliminar, corromper o sobrescribir archivos y directorios del host, incluyendo otros sistemas de archivos de contenedor en el host. (string)

}

]

id : CVE-2016-0761 (string)

lastModified : 2025-04-20T01:37:25.860 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : true (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 10 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:N/AC:L/Au:N/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 10 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2017-05-25T17:29:00.490 (string)

references : [ »

0 : { »

source : security_alert@emc.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://pivotal.io/security/cve-2016-0761 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://pivotal.io/security/cve-2016-0761 (string)

}

]

sourceIdentifier : security_alert@emc.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-19 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object