CVE-2022-0074: ols-dockerfiles/Dockerfile at master · litespeedtech/ols-dockerfiles
Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1.
FROM ubuntu:22.04
ARG OLS_VERSION
ARG PHP_VERSION
RUN apt-get update && apt-get install wget curl cron tzdata -y
RUN wget https://openlitespeed.org/preuse/openlitespeed-$OLS_VERSION.tgz && \
tar xzf openlitespeed-$OLS_VERSION.tgz && cd openlitespeed && ./install.sh && \
echo 'cloud-docker' > /usr/local/lsws/PLAT && rm -rf /openlitespeed && rm /openlitespeed-$OLS_VERSION.tgz
RUN apt-get install mysql-client $PHP_VERSION $PHP_VERSION-common $PHP_VERSION-mysql $PHP_VERSION-opcache \
$PHP_VERSION-curl $PHP_VERSION-imagick $PHP_VERSION-redis $PHP_VERSION-memcached $PHP_VERSION-intl -y
RUN ["/bin/bash", "-c", "if [[ $PHP_VERSION == lsphp7* ]]; then apt-get install $PHP_VERSION-json -y; fi"]
RUN wget -O /usr/local/lsws/admin/misc/lsup.sh \
https://raw.githubusercontent.com/litespeedtech/openlitespeed/master/dist/admin/misc/lsup.sh && \
chmod +x /usr/local/lsws/admin/misc/lsup.sh
RUN curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar && \
chmod +x wp-cli.phar && mv wp-cli.phar /usr/bin/wp && \
ln -s /usr/local/lsws/$PHP_VERSION/bin/php /usr/bin/php
RUN wget -O - https://get.acme.sh | sh
EXPOSE 7080
ENV PATH="/usr/local/sbin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/bin"
ADD docker.conf /usr/local/lsws/conf/templates/docker.conf
ADD setup_docker.sh /usr/local/lsws/bin/setup_docker.sh
ADD httpd_config.xml /usr/local/lsws/conf/httpd_config.xml
ADD htpasswd /usr/local/lsws/admin/conf/htpasswd
RUN /usr/local/lsws/bin/setup_docker.sh && rm /usr/local/lsws/bin/setup_docker.sh
RUN chown 999:999 /usr/local/lsws/conf -R
RUN cp -RP /usr/local/lsws/conf/ /usr/local/lsws/.conf/
RUN cp -RP /usr/local/lsws/admin/conf /usr/local/lsws/admin/.conf/
#RUN sed -i "s|fcgi-bin/lsphp|/usr/local/lsws/$PHP_VERSION/bin/lsphp|g" /usr/local/lsws/conf/httpd_config.conf
RUN ["/bin/bash", "-c", "if [[ $PHP_VERSION == lsphp8* ]]; then ln -sf /usr/local/lsws/$PHP_VERSION/bin/lsphp /usr/local/lsws/fcgi-bin/lsphp8; fi"]
RUN ["/bin/bash", "-c", "if [[ $PHP_VERSION == lsphp8* ]]; then ln -sf /usr/local/lsws/fcgi-bin/lsphp8 /usr/local/lsws/fcgi-bin/lsphp; fi"]
RUN ["/bin/bash", "-c", "if [[ $PHP_VERSION == lsphp7* ]]; then ln -sf /usr/local/lsws/$PHP_VERSION/bin/lsphp /usr/local/lsws/fcgi-bin/lsphp7; fi"]
RUN ["/bin/bash", "-c", "if [[ $PHP_VERSION == lsphp7* ]]; then ln -sf /usr/local/lsws/fcgi-bin/lsphp7 /usr/local/lsws/fcgi-bin/lsphp; fi"]
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
WORKDIR /var/www/vhosts/
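A check for the issue class named in the description (untrusted search path), as an added example that is not part of the ols-dockerfiles repository: it walks a PATH value, such as the one set by the ENV PATH line, in lookup order and reports entries that are empty, relative, missing, not owned by the trusted account, or group/world-writable. The function names and the TRUSTED_UID variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a PATH value for untrusted-search-path risks.
# Assumption: TRUSTED_UID is the only account allowed to own PATH directories.
TRUSTED_UID=${TRUSTED_UID:-0}

# Print the reason(s) one PATH entry is unsafe, one per line; nothing if clean.
check_entry() {
    dir=$1
    case $dir in
        '') echo "empty entry (resolves to the current directory)"; return ;;
        /*) ;;
        *)  echo "relative entry"; return ;;
    esac
    if [ ! -d "$dir" ]; then
        echo "missing directory"
        return
    fi
    # "$dir/." follows symlinks such as /bin -> usr/bin; -n prints numeric ids.
    meta=$(ls -ldn "$dir/." | awk '{print $1, $3}')
    mode=${meta% *}
    uid=${meta#* }
    [ "$uid" = "$TRUSTED_UID" ] || echo "owned by uid $uid"
    case $mode in ?????w*) echo "group-writable" ;; esac
    case $mode in ????????w*) echo "world-writable" ;; esac
}

# Walk PATH in lookup order, printing "position<TAB>dir<TAB>reason" per finding.
# Returns 0 when every entry is clean, 1 otherwise.
audit_path() {
    rest="$1:"          # trailing ':' lets the loop see a final empty entry
    pos=0
    rc=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        pos=$((pos + 1))
        reasons=$(check_entry "$entry")
        [ -z "$reasons" ] && continue
        rc=1
        printf '%s\n' "$reasons" | while IFS= read -r reason; do
            printf '%s\t%s\t%s\n' "$pos" "$entry" "$reason"
        done
    done
    return "$rc"
}
```

Run `audit_path "$PATH"` inside the built image as part of CI; a finding at a low position matters most, because that directory is searched before the system directories that follow it.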
Related news
Multiple high-severity flaws have been uncovered in the open source OpenLiteSpeed Web Server as well as its enterprise variant that could be weaponized to achieve remote code execution. "By chaining and exploiting the vulnerabilities, adversaries could compromise the web server and gain fully privileged remote code execution," Palo Alto Networks Unit 42 said in a Thursday report.