
A new critical race condition vulnerability in Docker

According to IT security audit specialists, all versions of the Docker software are affected by a race condition vulnerability that, if exploited, could allow attackers to access the compromised system with root privileges.

The CVE-2018-15664 vulnerability report explains that the API endpoints behind ‘docker cp’, a command for copying files between the host and a container, are vulnerable to a symlink-exchange attack that results in directory traversal.

Aleksa Sarai, of the IT security audit firm SUSE, reported the vulnerability and published exploit code for it. In his report, the specialist says he has written a patch to correct the flaw, although the code is still under review.

The expert says attackers can exploit the race condition by launching the attack in the short window after path resolution completes. “If an attacker can add a symbolic link component to the path after the resolution but before execution, then it might end up resolving the symbolic link path component on the host as the root user. In the case of the ‘docker cp’ command, this gives attackers read and write access to any path on the host,” add the IT security audit specialists.

The National Vulnerability Database (NVD) assigned this flaw a score of 8.7 under the CVSS standard, making it a serious vulnerability. However, the NVD rates its exploitability at only 2.2, as the attack is highly complex.

Although the probability of in-the-wild exploitation is low, the specialists from the International Institute of Cyber Security (IICS) point out that there are no protective measures to mitigate the risk of exploitation other than disabling the ‘docker cp’ command, so an update should be considered.

The expert developed exploit scripts for read access (run_read.sh) and write access (run_write.sh). Sarai notes that both include a Docker image containing a simple binary that performs a RENAME_EXCHANGE of a symbolic link to “/” and an empty directory in a loop, hoping to hit the race window.
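The flaw described above is a time-of-check/time-of-use race: a path is resolved and judged to be inside the container's root, a string is handed on, and the filesystem is changed before that string is opened. The following is an added example, not Sarai's exploit code or Docker's own implementation, that reproduces the pattern on a constructed temporary directory tree and contrasts it with a hardened walk that opens each path component relative to a directory file descriptor with O_NOFOLLOW, so the check and the use are the same system call. The race itself is stood in for by a plain remove-and-symlink swap between the two steps (the real attack loop uses RENAME_EXCHANGE); the function names and the sample files are assumptions made for the demonstration.

```python
import errno
import os
import shutil
import tempfile


def resolve_in_scope(root: str, rel_path: str) -> str:
    """Vulnerable pattern: resolve symlinks now and return a plain string.
    Whatever opens that string later trusts a check that may already be stale."""
    real_root = os.path.realpath(root)
    resolved = os.path.realpath(os.path.join(root, rel_path))
    if resolved != real_root and not resolved.startswith(real_root + os.sep):
        raise PermissionError(f"{rel_path!r} escapes {root!r}")
    return resolved


def read_resolved(resolved: str) -> bytes:
    """The 'use' half of the vulnerable pattern: no re-check before the open."""
    with open(resolved, "rb") as f:
        return f.read()


def read_in_scope_fd(root: str, rel_path: str) -> bytes:
    """Hardened pattern: walk component by component relative to a directory fd
    and refuse to follow symlinks. A component swapped for a symlink after the
    walk started is rejected by the kernel with ELOOP at the moment of use."""
    parts = [p for p in rel_path.split("/") if p not in ("", ".")]
    if not parts:
        raise ValueError("empty path")
    if ".." in parts:
        raise PermissionError("'..' not allowed")
    fd = os.open(root, os.O_RDONLY | os.O_DIRECTORY)
    try:
        for part in parts[:-1]:
            nfd = os.open(part, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW, dir_fd=fd)
            os.close(fd)
            fd = nfd
        file_fd = os.open(parts[-1], os.O_RDONLY | os.O_NOFOLLOW, dir_fd=fd)
    except OSError as e:
        if e.errno in (errno.ELOOP, errno.ENOTDIR):
            raise PermissionError(f"symlink or non-directory in {rel_path!r} refused") from e
        raise
    finally:
        os.close(fd)
    with os.fdopen(file_fd, "rb") as f:
        return f.read()


def swap_to_symlink(path: str, target: str) -> None:
    """Stand-in for the attacker's RENAME_EXCHANGE loop: replace a directory
    with a symlink of the same name (not atomic, but enough for the demo)."""
    shutil.rmtree(path)
    os.symlink(target, path)


def demo() -> dict:
    """Constructed scenario: root/sub/file is in scope, outside/file is host data.
    'sub' is swapped for a symlink to 'outside' between check and use."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "root")
    outside = os.path.join(base, "outside")
    os.makedirs(os.path.join(root, "sub"))
    os.makedirs(outside)
    with open(os.path.join(root, "sub", "file"), "wb") as f:
        f.write(b"in-scope")
    with open(os.path.join(outside, "file"), "wb") as f:
        f.write(b"host-secret")

    # Legitimate access works with both approaches before the swap.
    hardened_before = read_in_scope_fd(root, "sub/file")

    # Time of check: resolution sees a real directory and approves the path.
    resolved = resolve_in_scope(root, "sub/file")
    # The attacker wins the race: 'sub' now points outside the root.
    swap_to_symlink(os.path.join(root, "sub"), outside)
    # Time of use: the stale string is opened and host data is read.
    racy = read_resolved(resolved)

    # The fd walk refuses at use time because 'sub' is now a symlink.
    try:
        read_in_scope_fd(root, "sub/file")
        hardened_after = "followed"
    except PermissionError:
        hardened_after = "refused"

    shutil.rmtree(base)
    return {"hardened_before": hardened_before, "racy": racy, "hardened_after": hardened_after}
```

The hardened walk is stricter than `docker cp` needs to be, since it refuses symlinks outright rather than resolving them within the root; the point it demonstrates is that a path string approved in an earlier step is not a safe thing to open later, while operations relative to a file descriptor cannot be redirected by a rename that happens after the descriptor was obtained.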
