Serviceteam IT Security News

Security researchers are urging Docker customers to upgrade to the latest version after detailing a proof-of-concept (PoC) attack exploiting a critical vulnerability, which could lead to full container escape.

The CVE-2019-14271 flaw was fixed in Docker version 19.03.1, but if left unpatched could give an attacker full root code execution on the host.

“The vulnerability can be exploited, provided that a container has been compromised by a previous attack (e.g. through any other vulnerability, leaked secrets, etc.), or when a user runs a malicious container image from an untrusted source (registry or other),” explained Palo Alto Networks senior security researcher, Yuval Avrahami.

“If the user then executes the vulnerable cp command to copy files out of the compromised container, the attacker can escape and take full root control of the host and all other containers in it.”

It has been described as one of the most serious of several vulnerabilities related to the copy (cp) command detected in various container platforms such as Docker, Podman and Kubernetes over the past few years.

It’s also the first container breakout flaw since the runC vulnerability was discovered back in February.

Avrahami urged Docker developers to restrict their attack surface by never running untrusted images, and recommended they run containers as a non-root user, when root is not strictly necessary.

“This further increases their security and prevents attackers from exploiting many of the flaws that may be found in container engines or the kernel,” he added.

“In the case of CVE-2019-14271, if your container is run with a non-root user, you are protected. Even if an attacker compromised your container, he cannot overwrite the container’s libnss libraries as they are owned by root, and therefore cannot exploit the vulnerability.”

Although the vulnerability was disclosed and then patched by Docker in July, Avrahami warned that it received little public attention, “perhaps due to an ambiguous CVE description and a lack of a published exploit.”

The hope is that this first PoC will focus the minds of Docker customers, if they haven’t patched already.

Source: Infosecurity Magazine

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!