News Docker Container Escape Vulnerability With PoC (CVE-2019-5736)
   Containers on Docker were discovered to have a dangerous vulnerability, designated CVE-2019-5736, which could potentially endanger multiple industries. It was first discovered by a Polish researcher named Adam Iwaniuk. They found they could use the vulnerability to break out of the sandbox and gain root access to host servers. When they utilized the processes inside a container or a Docker image, they were able to execute code at admin level.

   The attack works as follows: when an attacker overwrites the binary in the container with a symbolic link, such as exec, the binary executes. Next, the symbolic link is executed to itself. An attacker can then use a descriptor to overwrite the file. This is only successful when the runC process exits, as the file cannot be overwritten while it is running.

   
   According to some reviews, this vulnerability could also endanger the maritime industry. Before the tech and inter-connectivity boom, the industry itself was practically out of sight, but as many industries are becoming more and more connected to the internet, the maritime industry is now in danger of being targeted. This is especially frightening, as the modern economy of most developed nations depends heavily on maritime trade.


   As of the writing of this article, the vulnerability in the runC platforms has been patched.

   Original article can be found here.

  That was the news folks, have a good week, and stay safe out there.

  -----Mad-Architect
01001001 00100000 01000001 01001101 00100000 01011010 01001111 01000100 01001001 01000001 01000011