Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

Container security: Privilege escalation bug patched in Docker Engine

A vulnerability in a Docker Engine security feature potentially allowed attackers to escalate privileges from a remapped user to root.

“The two avenues of exploitation I found would allow writing of arbitrary files as the real root user” or seizing ownership of files previously accessible only by the root user, security researcher Alex Chapman, who unearthed the flaw, tells The Daily Swig.

The vulnerable function in question – ‘–userns-remap’ – “is an optional security enhancement which isolates container users within a user namespace”, he explains.

“What this means is that, when enabled, the ‘root’ user within the container is actually mapped to a non-privileged user in the container host.”

If an attacker has root access to, and can escape, a Docker container, “the user they can run commands as on the host is not the privileged root user”, he adds.

“This bug allowed this non-privileged, remapped user to escalate to the real ‘root’ user by exploiting various race conditions in Docker when building or starting containers.”

The flaw (CVE-2021-21284) resides in the Docker Engine package, docker-ce.

Limited exploitation

If –userns-remap is enabled and “the root user in the remapped namespace has access to the host filesystem, they can modify files under /var/lib/docker/<remapping> that cause writing files with extended privileges.”

security advisory posted by Docker’s Moby Project to GitHub on February 1 actually classifies the bug as ‘low’ impact, but Chapman describes it as “an odd one, impact wise” and said he “would have preferred medium impact”.

However, the researcher acknowledged that “exploitation is a little limited”, given its contingency on escaping the container, and “another user (or system service) creating or building a container” so the attacker can “replace files written during the container creation or build process”.

Moreover, “as far as I am aware the ‘–userns-remap’ is not that widely used”, he adds.

The flaw was fixed in docker-ce versions 19.03.15 and 20.10.3. All previous versions on those release lines were affected by the vulnerability.

Source: https://portswigger.net/daily-swig/container-security-privilege-escalation-bug-patched-in-docker-engine

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given federal agencies three weeks to secure Adobe ColdFusion servers on their networks against two...

Cyber Security

Businesses and developers are focusing more on the security of applications in their digital environment as cyber threats and data breaches continue escalating. The...

Cyber Security

HCL BigFix is an endpoint management platform that has the capability to automate discovery, management, and remediation. It can find and fix vulnerabilities on...

Cyber Security

The Environmental Protection Agency cited a lack of resources and the sheer volume of critical vulnerabilities as the reasons for its inability to patch...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO