
Got Docker? Get patching…runc container breakout vuln allows root access


A vulnerability in the runc run time which could allow a malicious container to gain root access to host machines seems set to lead to a fraught day for container fans across the world.

Red Hat flashed an advisory as the US was waking up today, describing the bug – labelled CVE-2019-5736 – as “important”, and warning it “allows for a break out from the container to gain root-level access on the host machine.” It added it affects “both the docker and runc packages available on Red Hat Enterprise Linux 7”.

However, the impact will be much broader, as runc underpins Docker, containerd, Kubernetes and more, according to this announcement by runc maintainer Aleksa Sarai, who also provides details of a patch. Adam Iwaniuk and Borys Popławski are identified as the researchers who uncovered the flaw.

As Red Hat put it, “A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system.”
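Because the flaw is exploited by overwriting the host's runc binary, one host-side detection is to watch that binary for write access with auditd and flag any successful write that did not come from the package manager. The following is an added example (not code from the article, Red Hat or the runc project) that parses audit records produced by an assumed rule `auditctl -w /usr/bin/runc -p wa -k runc_write`; the path `/usr/bin/runc`, the key name and the allow-listed package manager names are assumptions, and the sample log lines are constructed for the example.

```python
"""Flag successful write access to the host runc binary in auditd output.

Assumed audit rule on the host (not from the article):
    auditctl -w /usr/bin/runc -p wa -k runc_write
"""
import re
from dataclasses import dataclass

WATCH_KEY = "runc_write"            # key set by the assumed audit rule
# Writers that are expected to replace the binary (package upgrades).
# Assumed list; extend to match the host's package manager.
ALLOWED_WRITERS = {"dpkg", "rpm", "yum", "dnf", "apt", "apt-get"}

# auditd records are space-separated key=value pairs; values may be quoted.
_TOKEN = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass
class Finding:
    pid: int
    comm: str
    exe: str
    event: str   # the audit(...) event id, useful for pulling the matching PATH records


def parse_record(line: str) -> dict:
    """Turn one audit record into a dict, stripping quotes from values."""
    return {k: v.strip('"') for k, v in _TOKEN.findall(line)}


def find_runc_writes(lines) -> list:
    """Return Findings for SYSCALL records that successfully wrote to runc
    from a process that is not an allow-listed package manager."""
    findings = []
    for line in lines:
        rec = parse_record(line)
        if rec.get("type") != "SYSCALL":
            continue                      # PATH/CWD records carry no verdict
        if rec.get("key") != WATCH_KEY or rec.get("success") != "yes":
            continue                      # failed attempts are still worth logging, but not alerted here
        comm = rec.get("comm", "?")
        if comm in ALLOWED_WRITERS:
            continue                      # routine package upgrade
        findings.append(Finding(int(rec["pid"]), comm, rec.get("exe", "?"), rec.get("msg", "?")))
    return findings


# Constructed sample records (not real host output): a package upgrade,
# a shell overwriting the binary, and a write that was denied.
SAMPLE_AUDIT = [
    'type=SYSCALL msg=audit(1549900000.101:201): arch=c000003e syscall=257 success=yes exit=3 '
    'pid=4321 comm="dpkg" exe="/usr/bin/dpkg" key="runc_write"',
    'type=PATH msg=audit(1549900000.101:201): item=0 name="/usr/bin/runc" nametype=NORMAL',
    'type=SYSCALL msg=audit(1549900000.102:202): arch=c000003e syscall=257 success=yes exit=4 '
    'pid=4322 comm="bash" exe="/usr/bin/bash" key="runc_write"',
    'type=SYSCALL msg=audit(1549900000.103:203): arch=c000003e syscall=257 success=no exit=-13 '
    'pid=4323 comm="bash" exe="/usr/bin/bash" key="runc_write"',
]


if __name__ == "__main__":
    for f in find_runc_writes(SAMPLE_AUDIT):
        print(f"ALERT: pid={f.pid} comm={f.comm} exe={f.exe} wrote to runc ({f.event})")
```

The watch is placed on the binary's inode, so it also fires when the write arrives through a path other than `/usr/bin/runc`; pair an alert with the matching `PATH` record (same event id) to see which path was opened. Patching remains the fix; this only tells you whether the binary has been tampered with.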


Red Hat said it has delivered fixes in the Red Hat Enterprise Linux Extras channel. It also said that “Customers using docker (or docker-latest*) will need to update the docker package, which bundles its own version of runc. Customers using cri-o, podman, or any other container engine that depends on runc, will need to update the runc package.”

Sarai added, “I’ve discovered that LXC has a similar vulnerability, and they have also pushed a similar patch which we co-developed. LXC is a bit harder to exploit, but the same fundamental flaw exists.”

He added, “It is quite likely that most container runtimes are vulnerable to this flaw, unless they took very strange mitigations before-hand.”
