
Security flaw targets Docker’s runc container runtime


SUSE Linux senior software engineer Aleksa Sarai has disclosed a security vulnerability affecting runc, the default container runtime for Docker and Kubernetes.

The vulnerability, designated CVE-2019-5736, can be used to attack any host system running containers.

The flaw allows a malicious container to overwrite the host runc binary and thus gain root-level code execution on the host.

“The level of user interaction is being able to run any command (it doesn’t matter if the command is not attacker-controlled) as root within a container in either of these contexts: creating a new container using an attacker-controlled image and attaching (docker exec) into an existing container which the attacker had previous write access to,” Sarai explained in a post to the OpenWall mailing list.
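Because the attack works by overwriting the host's runc binary, an out-of-band record of that binary's hash and permission bits lets a defender notice the overwrite (or any other tampering) on their own hosts. The following script is an added example, not code from the article or from the runc project; the install paths in DEFAULT_BINARIES are assumptions and should be adjusted to where your distribution puts runc.

```python
"""Baseline-and-verify integrity check for container runtime binaries.

Added example (not from the article or the runc project). Records the SHA-256,
size and permission bits of the host runc binary, then re-checks them later so
that an overwrite of the binary, the mechanism behind CVE-2019-5736, shows up
as a hash mismatch. Keep the baseline file off the host (read-only media or a
remote store): an attacker with root on the host could otherwise rewrite it.
"""
import hashlib
import json
import os
import sys
from pathlib import Path

# Assumed install locations for runc and the Docker-shipped copy of it.
DEFAULT_BINARIES = ["/usr/bin/runc", "/usr/sbin/runc", "/usr/bin/docker-runc"]


def sha256_of(path):
    """Stream the file through SHA-256 so large binaries do not sit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths):
    """Record SHA-256, size and permission bits for each path that exists."""
    baseline = {}
    for p in paths:
        if os.path.isfile(p):
            st = os.stat(p)
            baseline[p] = {
                "sha256": sha256_of(p),
                "size": st.st_size,
                "mode": oct(st.st_mode & 0o7777),
            }
    return baseline


def verify_baseline(baseline):
    """Return a list of (path, reason) findings; an empty list means no drift."""
    findings = []
    for p, expected in baseline.items():
        if not os.path.isfile(p):
            findings.append((p, "missing"))
            continue
        st = os.stat(p)
        if sha256_of(p) != expected["sha256"]:
            findings.append((p, "sha256 mismatch: binary contents changed"))
        elif st.st_size != expected["size"]:
            findings.append((p, "size changed"))
        if oct(st.st_mode & 0o7777) != expected["mode"]:
            findings.append((p, "permission bits changed"))
    return findings


def save_baseline(baseline, path):
    Path(path).write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(path):
    return json.loads(Path(path).read_text())


if __name__ == "__main__":
    # Usage: runc_baseline.py record <baseline.json> [binary ...]
    #        runc_baseline.py verify <baseline.json>
    if len(sys.argv) < 3 or sys.argv[1] not in ("record", "verify"):
        sys.exit("usage: record|verify <baseline.json> [binary ...]")
    action, baseline_file = sys.argv[1], sys.argv[2]
    if action == "record":
        targets = sys.argv[3:] or DEFAULT_BINARIES
        save_baseline(build_baseline(targets), baseline_file)
        print(f"baseline written to {baseline_file}")
    else:
        drift = verify_baseline(load_baseline(baseline_file))
        for path, reason in drift:
            print(f"DRIFT {path}: {reason}")
        sys.exit(1 if drift else 0)
```

Run `record` once from a known-good host image and ship the JSON to wherever your other host integrity data lives; a scheduled `verify` that exits non-zero is then a cheap signal that the runtime binary no longer matches what you installed, which is exactly the change this vulnerability produces. It does not replace patching: it detects the overwrite after the fact rather than preventing it.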

“While there are very few incidents that could qualify as a doomsday scenario for enterprise IT, a cascading set of exploits affecting a wide range of interconnected production systems qualifies…and that’s exactly what this vulnerability represents,” said Scott McCarty, principal product manager for containers at Red Hat, in a blog post.

The issue affects a number of open-source container management systems, Amazon Web Services among them.

Sarai has published a patch to fix the issue.
