News Docker Container Escape Vulnerability With PoC (CVE-2019-5736) - Printable Version +- Red Security (https://redsecurity.info/cc) +-- Forum: General (https://redsecurity.info/cc/forumdisplay.php?fid=1) +--- Forum: News (https://redsecurity.info/cc/forumdisplay.php?fid=4) +--- Thread: News Docker Container Escape Vulnerability With PoC (CVE-2019-5736) (/showthread.php?tid=949)

Docker Container Escape Vulnerability With PoC (CVE-2019-5736) - Mad-Architect - 02-18-2019         Containers on Docker were discovered to have a dangerous vulnerability, designated [CVE-2019-5736], this vulnerability could potentially endanger multiple industries. It was first discovered by a Polish researcher named Adam Iwanik. They found they could use the vulnerability to gain access out-of-sandboxes and root access to host servers. When they utilized the processes inside a container or a docker image, they were able to execute code at admin level.     How this attack works, is that when an attack overwrites the binary in the container with a symbolic link such as exec, the binary executes. Next, the symbolic link is executed to itself. An attacker can then use a descriptor to overwrite the file. This is only successful when the runC process exits, as cannot overwrite while running.         According to some review, this vulnerability could also endanger the maritime industry as well. Since before the tech and inter-connectivity boom, the industry itself was practically out of the sights, but seeing as though many industries are becoming more and more connected to the internet, the maritime industry is now in danger of being targeted. This is especially frightening, as the modern economy of most developed nations depends heavily on maritime trade.     As of the writing of this article, the vulnerability to the runC platforms has been patched.     Original article can be found here.   That was the news folks, have a good week, and stay safe out there.   -----Mad-Architect