SB2019092809 - Permissions, Privileges, and Access Controls in containerd (Alpine package)
Published: September 28, 2019
Description
This security bulletin contains information about 1 security vulnerability.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-16884)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect checking of the mount targets in libcontainer/rootfs_linux.go in runc. A local user can bypass AppArmor restrictions and perform unauthorized actions on the system, as demonstrated by overwriting the /proc directory with a malicious Docker image.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=c64d2552678a7126d5e1d18ac54ea0ee126298d9
- https://git.alpinelinux.org/aports/commit/?id=76ff73346d335f4b22bc7ec01966172596ac8910
- https://git.alpinelinux.org/aports/commit/?id=ca936aa88735c8b55f9745593fe8ce90f29bee9a
- https://git.alpinelinux.org/aports/commit/?id=ac079d292f5197ccddd8cd79682f39fb96414415
- https://git.alpinelinux.org/aports/commit/?id=c0c491116c2f9214f63040dbcdfc9f84de3e26a2