This exploit leverages an unprotected Docker TCP socket to create a container with the host's root filesystem mounted, allowing an attacker to escape the container and gain shell access on the host via chroot.
Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:Docker Daemon (since 0.4.7, tested on Docker CE 17.06.0-ce and Docker Engine 1.13.1)
No auth needed
Prerequisites:Docker daemon with unprotected TCP socket (2375/tcp or 2376/tcp without TLS authentication)