Alpine Docker images were shipped with an empty password for the "root" user

Security researchers from Cisco have disclosed details of CVE-2019-5021, a vulnerability in the builds of the Alpine distribution for the Docker container isolation system.

The essence of the problem is that the "root" user was given an empty password by default, without direct login as "root" being blocked.

“Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container that utilize Linux PAM, or some other mechanism that uses the system shadow file as an authentication database, may accept a NULL password for the root user”, the Cisco Talos researchers report.

It is worth recalling that Alpine is used to build images in the Docker project (earlier builds were based on Ubuntu, but were later moved to Alpine).

The problem has been present since the Alpine Docker 3.3 build and was caused by a change added in 2015: up to version 3.3, /etc/shadow contained the line "root:!::0:::::", and after the -D flag was no longer used, the line "root:::0:::::" began to be added instead.

The issue was initially detected and fixed in November 2015, but a month later it was reintroduced by mistake in the build files of the experimental branch and was later carried over into the final builds.

“After discussions with Alpine Linux, it was discovered that this issue was also reported in their Github prior to our report, but was not flagged as a security issue and thus remained unresolved until it was rediscovered and reported by Cisco”, — say researchers.

The vulnerability details state that the problem manifests in the latest branch, Alpine Docker 3.9. In March 2019 the Alpine developers released a patch, and the vulnerability does not manifest in builds 3.9.2, 3.8.4, 3.7.3 and 3.6.5, but it remains in the older 3.4.X and 3.5.X branches, which are no longer supported.

In addition, the developers argue that the attack vector is quite narrow and that an attacker would need access to the same infrastructure.

Mitigation

The root account should be explicitly disabled in Docker images built using affected versions as a base. The likelihood of exploitation of this vulnerability is environment-dependent, as successful exploitation requires that an exposed service or application utilise Linux PAM, or some other mechanism which uses the system shadow file as an authentication database.
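
The check and the fix described above can be expressed as a short shell script. This is an added example, not code from the Talos report or from Alpine; the function names root_shadow_status and lock_empty_root and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the Talos report or Alpine: audit and fix the root
# entry of a shadow-format file. Field 2 is the password field: empty means a
# NULL password is accepted, a leading '!' or '*' means the account is locked.

root_shadow_status() {   # $1: path to a shadow-format file
    awk -F: '
        $1 == "root" {
            found = 1
            if ($2 == "")          print "empty"
            else if ($2 ~ /^[!*]/) print "locked"
            else                   print "hash"
            exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

lock_empty_root() {      # $1: path; rewrites only an empty root password
    tmp="$1.tmp.$$"
    # Write back through cat so the file keeps its owner and mode.
    sed 's/^root::/root:!:/' "$1" > "$tmp" && cat "$tmp" > "$1"
    rm -f "$tmp"
}

demo() {                 # constructed sample files using the two lines quoted above
    d=$(mktemp -d)
    printf 'root:!::0:::::\nbin:!::0:::::\n' > "$d/shadow.before-3.3"
    printf 'root:::0:::::\nbin:!::0:::::\n'  > "$d/shadow.affected"
    for f in "$d"/shadow.*; do
        echo "${f##*/}: $(root_shadow_status "$f")"
    done
    lock_empty_root "$d/shadow.affected"
    echo "after fix: $(root_shadow_status "$d/shadow.affected")"
    rm -rf "$d"
}
demo
```

In an image built from an affected base, running the same sed substitution against /etc/shadow in a RUN step disables the root account as the mitigation recommends.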

Source: https://talosintelligence.com/
