News

Docker’s vulnerability allows reading and writing any file on the host

In Docker discovered vulnerability of parallelism uncertainty, or so called “race condition”.

With its help attacker can write and read any file on a host. Issue involves all Docker versions.

Vulnerability is similar to CVE-2018-15664 and allows attacker rewrite resource pathways after permission and before start of program’s work on this resource (TOCTOU error).

Issue affects FollowSymlinkScope function, vulnerable to base TOCTOU attack. This function is used for secure permission for path while all processes processed in a way as if they are going inside Docker container.

Permitted path is not used at once, but after a while. This occurred “window” can use attackers and add symbolic links that will be finally enabled on the host with superuser’s privileges.

Aleksa Sarai
As explained by Suse specialist Aleksa Sarai, this can be done with the help of the ‘docker cp’ utility, which allows copying content between the container and the file system.

“If an attacker can add a symlink component to the path *after* the resolution but *before*
it is operated on, then you could end up resolving the symlink path component on the host as root. In the case of ‘docker cp’ this gives you read *and* write access to any path on the host” , — said Aleksa Sarai.

Trying to avoid vulnerability exploitation, Sarai recommended modifing ‘chrootarchive’ in a way that archive operation would be performed in a safe environment, where superuser is ‘rootfs’ container.

Researcher also presented two scripts – one for writing and second for reading. Prior to publication of details Sarai informed Docker developers.

Source: https://seclists.org

Polina Lisovskaya

I works as a marketing manager for years now and loves searching for interesting topics for you

Recent Posts

Remove Pbmsoultions.com Pop-up Ads

About Pbmsoultions.com Pbmsoultions.com pop-ups can not launch out of the blue. If you have actually…

1 day ago

Remove Prizestash.com Pop-up Ads

About Prizestash.com Prizestash.com pop-ups can not expose out of the blue. If you have actually…

1 day ago

Remove Verifiedbreaking.com Pop-up Ads

About Verifiedbreaking.com Verifiedbreaking.com pop-ups can not launch out of nowhere. If you have actually clicked…

1 day ago

Remove Themoneyminutes.com Pop-up Ads

About Themoneyminutes.com Themoneyminutes.com pop-ups can not launch out of the blue. If you have actually…

1 day ago

Remove News-xcidizi.com Pop-up Ads

About News-xcidizi.com News-xcidizi.com pop-ups can not introduce out of nowhere. If you have clicked some…

1 day ago

Remove Everytraffic-flow.com Pop-up Ads

About Everytraffic-flow.com Everytraffic-flow.com pop-ups can not launch out of nowhere. If you have actually clicked…

1 day ago