
Users of the runC container runtime on Linux, Red Hat, Amazon and Azure affected by new vulnerability

Vulnerability has a score of 7.2/10 on the CVSS scale

Linux system users are facing a new threat. According to network security and ethical hacking specialists from the International Institute of Cyber Security, a critical vulnerability has been discovered in runC, the container runtime used by Docker, cri-o, containerd and Kubernetes.

runC is the command-line tool for spawning and running containers according to the Open Container Initiative (OCI) runtime specification.

The vulnerability, tracked as CVE-2019-5736, allows a malicious container to overwrite the runC binary on the host and thereby obtain root on the host. The overwrite is triggered when runC starts a new container from an attacker-controlled image or attaches to (for example, docker exec into) a container the attacker already controls; once the host binary has been replaced, every subsequent invocation of runC runs the attacker's code as root on the host, so the attacker can execute any command there and reach every other container on the machine.

“Most container runtimes are likely to be affected by this vulnerability, unless the administrators have taken action in advance, which is quite unlikely,” a cybersecurity specialist mentioned. The expert added that the vulnerability is blocked by a proper implementation of user namespaces, “where root is not mapped into the user namespace.”
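The expert's caveat about user namespaces can be checked from inside a container. The following Python script is an added example for this article, not code from the page or from the runC project: it parses the uid_map format documented in user_namespaces(7) (one "ns_start host_start length" triple per line) and reports whether host uid 0 is mapped into the namespace it runs in. The sample uid_map contents embedded in it are constructed, and the function names are this example's own.

```python
"""Check whether host root (uid 0) is mapped into a user namespace.

Added example for this article; it is not code from the page or from the
runC project. It parses the /proc/<pid>/uid_map format documented in
user_namespaces(7): one "<ns_start> <host_start> <length>" triple per line.
"""
import sys

# Constructed sample uid_map contents (not captured from a real host).
# Identity mapping: container uid 0 is host uid 0, so the mitigation does not apply.
IDENTITY_MAP = "         0          0 4294967295\n"
# Remapped mapping of the kind Docker's userns-remap produces: container
# uid 0 is host uid 100000, so host root is not reachable from the container.
REMAPPED_MAP = "         0     100000      65536\n"
# Contrived two-range mapping: host uids 0-4 appear inside the namespace as 10-14.
SPLIT_MAP = "         0     100000         10\n        10          0          5\n"


def parse_uid_map(text):
    """Return a list of (ns_start, host_start, length) tuples.

    An empty file (a namespace whose mapping has not been written yet) yields
    an empty list, which means nothing from the host is mapped.
    """
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed uid_map line: {line!r}")
        ns_start, host_start, length = (int(f) for f in fields)
        if length <= 0 or ns_start < 0 or host_start < 0:
            raise ValueError(f"invalid uid_map range: {line!r}")
        ranges.append((ns_start, host_start, length))
    return ranges


def namespace_uid_for_host_uid(ranges, host_uid):
    """Return the in-namespace uid that host_uid appears as, or None if unmapped."""
    for ns_start, host_start, length in ranges:
        if host_start <= host_uid < host_start + length:
            return ns_start + (host_uid - host_start)
    return None


def host_root_is_mapped(uid_map_text):
    """True when host uid 0 is reachable from the namespace described by uid_map_text."""
    return namespace_uid_for_host_uid(parse_uid_map(uid_map_text), 0) is not None


def assess(uid_map_text):
    """Short verdict string for a uid_map file's contents."""
    ns_uid = namespace_uid_for_host_uid(parse_uid_map(uid_map_text), 0)
    if ns_uid is None:
        return "host root is NOT mapped into this namespace: the user-namespace mitigation applies"
    return (f"host root IS mapped into this namespace (as uid {ns_uid}): "
            "a root process here is host root; the mitigation does not apply")


if __name__ == "__main__":
    # Stand-alone use: inspect the namespace this script is running in,
    # or a uid_map file given on the command line.
    path = sys.argv[1] if len(sys.argv) > 1 else "/proc/self/uid_map"
    with open(path) as fh:
        print(assess(fh.read()))
```

Run it inside a container to see which case applies; `/proc/<pid>/gid_map` uses the same format and can be parsed with the same function. On Docker, the remapped layout comes from the daemon's `userns-remap` setting. The check only tells you whether the namespace mitigation the expert describes is in place; it says nothing about whether the host's runC binary has been updated, and updating runC remains the actual fix.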

The vulnerability has been considered critical by some network security specialists, who cite a score of 7.2/10 on the CVSS scale. Strictly, a 7.2 rates as "High" rather than "Critical" under CVSS v3, which reserves "Critical" for scores of 9.0 and above; the "critical" label reflects the impact of full host compromise rather than the numeric score.

A patch correcting the vulnerability was developed in recent days and is being distributed to runC users. In addition, several cloud service providers have already rolled out the update.

Although not specific to the Kubernetes ecosystem, the vulnerability resembles a critical flaw found in that platform last year. That flaw affected all Kubernetes-based products and services and granted attackers administrator privileges on any node of a Kubernetes cluster.

Although the patch was developed and published quickly, network security specialists still expect more vulnerabilities of this kind to emerge.

“New vulnerabilities will continue to appear forever,” cybersecurity researchers declared during their presentation at a recent event. “It was to be expected that we would find this kind of error, just as it is to be expected that there will be more in the future; it is an intrinsic quality of software.”

Last year, more than 21,000 API management systems and open containers were found exposed to possible cyberattacks. The exposed systems included deployments of Kubernetes, Swarm and Red Hat, among others.

Serious security problems also persist in processors affected by the well-known Spectre and Meltdown vulnerabilities, which continue to concern the Linux user community.
