Description
runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when /proc inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting a symlinked /proc. See PR #3785 for details. Users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image.
A flaw was found in runc. This vulnerability could allow a remote attacker to bypass security restrictions and create a symbolic link inside a container to the /proc directory, bypassing AppArmor and SELinux protections.
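The fix described above refuses to mount procfs onto a symlinked /proc. As an added illustration of that class of check (a hypothetical helper written for this page, not runc's own code from PR #3785), the Go program below inspects the would-be mountpoint with Lstat and rejects a rootfs whose /proc is a symlink; the two sample rootfs trees it builds are constructed throwaway directories.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// ErrProcSymlink: /proc is a symlink, so a procfs mount would land elsewhere.
var ErrProcSymlink = errors.New("proc must be a real directory, not a symlink")

// CheckProcMountpoint refuses a rootfs whose /proc is not a plain directory.
// Hypothetical helper written for this page, not runc's own code.
func CheckProcMountpoint(rootfs string) error {
	dest := filepath.Join(rootfs, "proc")
	// Lstat, not Stat: inspect the link itself, never its target.
	fi, err := os.Lstat(dest)
	switch {
	case os.IsNotExist(err):
		return nil // absent is fine: the runtime creates the directory
	case err != nil:
		return err
	case fi.Mode()&os.ModeSymlink != 0:
		return ErrProcSymlink
	case !fi.IsDir():
		return fmt.Errorf("%s exists but is not a directory", dest)
	}
	return nil
}

// main builds two constructed rootfs trees: a real /proc directory, then /proc shipped as a symlink.
func main() {
	for _, symlinked := range []bool{false, true} {
		rootfs, err := os.MkdirTemp("", "rootfs-")
		if err != nil {
			panic(err)
		}
		proc := filepath.Join(rootfs, "proc")
		if symlinked {
			err = os.Symlink("tmp/elsewhere", proc)
		} else {
			err = os.Mkdir(proc, 0o755)
		}
		if err != nil {
			panic(err)
		}
		fmt.Printf("proc symlinked=%v: %v\n", symlinked, CheckProcMountpoint(rootfs))
		os.RemoveAll(rootfs)
	}
}
```

A production runtime must also resolve every path component of the mountpoint inside the rootfs, since a symlinked parent directory defeats a check on the leaf alone.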
Report
The symlink vulnerability in runc allowing for the bypassing of AppArmor protections by manipulating the /proc symlink poses a moderate severity issue due to its potential impact on container isolation and security boundaries. While the exploitation requires specific mount configurations and access to the container's filesystem, it can lead to unauthorized access to host resources and potential privilege escalation within the containerized environment. This could enable attackers to compromise the integrity and confidentiality of other containers or the host system. Although the vulnerability does not allow direct remote code execution, its exploitation can result in significant security risks within containerized infrastructures, warranting a moderate severity rating.
Mitigation
Avoid using an untrusted container image.
Affected packages
Platform | Package | State | Advisory | Release
---|---|---|---|---
Red Hat Enterprise Linux 7 | runc | Will not fix | |
Red Hat Enterprise Linux 8 | container-tools:3.0/runc | Affected | |
Red Hat OpenShift Container Platform 3.11 | atomic-openshift | Out of support scope | |
Red Hat OpenShift Container Platform 3.11 | runc | Out of support scope | |
Red Hat OpenShift Container Platform 4 | microshift | Not affected | |
Red Hat OpenShift Container Platform 4 | openshift | Not affected | |
Red Hat OpenShift Container Platform 4 | openshift4/ose-pod | Not affected | |
Red Hat OpenShift Container Platform 4 | openshift4/ose-tests | Not affected | |
Red Hat OpenShift Container Platform 4 | runc | Not affected | |
Red Hat Enterprise Linux 8 | container-tools | Fixed | RHSA-2023:6938 | 14.11.2023
Additional information
Status:
CVSS3: 7.8 High