#VU26515 UNIX symbolic link following in Podman


Published: 2020-04-01

Vulnerability identifier: #VU26515

Vulnerability risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-18466

CWE-ID: CWE-61

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Podman
Universal components / Libraries / Libraries used by multiple products

Vendor: Container Projects

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue in libpod (podman) in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, when copied by a victim user to the host filesystem, may overwrite existing files with others from the host.

Successful exploitation of this vulnerability may result in privilege escalation on the host operating system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Podman: 0.2 - 1.5.1


External links
http://access.redhat.com/errata/RHSA-2019:4269
http://bugzilla.redhat.com/show_bug.cgi?id=1744588
http://github.com/containers/libpod/commit/5c09c4d2947a759724f9d5aef6bac04317e03f7e
http://github.com/containers/libpod/compare/v1.5.1...v1.6.0
http://github.com/containers/libpod/issues/3829


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability