Privilege escalation in Podman
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2019-18466 |
| CWE-ID | CWE-61 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Podman Universal components / Libraries / Libraries used by multiple products |
| Vendor | Container Projects |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) UNIX symbolic link following
EUVDB-ID: #VU26515
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-18466
CWE-ID:
CWE-61 - UNIX Symbolic Link (Symlink) Following
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a symlink following issue in libpod (podman) in the host context during a copy operation from the container to the
host, because an undesired glob operation occurs. An attacker could
create a container image containing particular symlinks that, when
copied by a victim user to the host filesystem, may overwrite existing
files with others from the host.
Successful exploitation of this vulnerability may result in privilege escalation on the host operating system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPodman: 0.2 - 1.5.1
External linkshttp://access.redhat.com/errata/RHSA-2019:4269
http://bugzilla.redhat.com/show_bug.cgi?id=1744588
http://github.com/containers/libpod/commit/5c09c4d2947a759724f9d5aef6bac04317e03f7e
http://github.com/containers/libpod/compare/v1.5.1...v1.6.0
http://github.com/containers/libpod/issues/3829
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
