An attacker can exploit vulnerabilities in order to compromise a host when a user enters the ‘rkt enter’ command (equivalent to the ‘docker exec’ command) via a module under its control.
“I don’t know how many users still run rkt in production, but if you do, avoid using the ‘rkt enter’ command, as it contains several unpatched vulnerabilities”, — recommended Yuval Avrahami.
The ‘rkt enter’ command allows you to execute binary code in a running container. The binary code is run with superuser privileges, but the seccomp and cgroup security mechanisms do not apply, which gives the attacker the opportunity to bypass the container.
To exploit vulnerabilities, an attacker must have access to containers with superuser privileges. Therefore, when a user runs the ‘rkt enter’ command, an attacker can rewrite the binary code and libraries (/bin/bash ? libc.so.6) inside the container in order to launch the malicious code.
The researcher privately informed the manufacturer about the problems. However, he was told that no time limit was fixed for fixing the vulnerability.
“I suggest considering alternative container runtimes which are more steadily maintained, such as Docker, podman or LXD”, — adviced Yuval Avrahami.
Apparently the researcher makes the final verdict on the rkt environment.
Source: https://www.twistlock.com
About Pbmsoultions.com Pbmsoultions.com pop-ups can not launch out of the blue. If you have actually…
About Prizestash.com Prizestash.com pop-ups can not expose out of the blue. If you have actually…
About Verifiedbreaking.com Verifiedbreaking.com pop-ups can not launch out of nowhere. If you have actually clicked…
About Themoneyminutes.com Themoneyminutes.com pop-ups can not launch out of the blue. If you have actually…
About News-xcidizi.com News-xcidizi.com pop-ups can not introduce out of nowhere. If you have clicked some…
About Everytraffic-flow.com Everytraffic-flow.com pop-ups can not launch out of nowhere. If you have actually clicked…