Description
A container privilege escalation flaw was found in certain AMQ Broker images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
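The following audit script is an added example and is not part of this advisory or of Red Hat's AMQ Broker images; the function names are this example's own and the sample passwd lines in the usage note are constructed. It checks the three conditions the description combines (a group-writable /etc/passwd, group ownership by root, and the running user holding gid 0), lists every UID-0 account in the file so an appended entry stands out, and applies the build-time fix a rebuilt image needs. It assumes a Linux userland with POSIX `ls`, `awk` and `id`.

```shell
#!/bin/sh
# Added example for the /etc/passwd group-write flaw described above.
# Not code from the advisory or from Red Hat; function names are ours.

# passwd_group_writable FILE -> 0 if the group-write bit is set, 1 if not,
#                                2 if FILE does not exist
passwd_group_writable() {
    [ -e "$1" ] || return 2
    # Column 6 of the ls -l mode string is the group write bit (-rw-rw-r--).
    [ "$(ls -ld "$1" | cut -c6)" = "w" ]
}

# file_group FILE -> print the owning group (ls -l column 4)
file_group() {
    ls -ld "$1" | awk '{print $4}'
}

# in_root_group -> 0 if gid 0 is among the current process's groups
in_root_group() {
    for g in $(id -G); do
        [ "$g" = 0 ] && return 0
    done
    return 1
}

# uid0_accounts FILE -> print the name of every entry whose UID field is 0.
# A stock image has exactly one: root. Any other name means an entry was
# appended, which is the escalation path the advisory describes.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# audit_passwd FILE -> prints SAFE, WRITABLE, EXPLOITABLE or MISSING and
# returns 0 only for SAFE.
audit_passwd() {
    f=${1:-/etc/passwd}
    [ -e "$f" ] || { echo MISSING; return 2; }
    if ! passwd_group_writable "$f"; then
        echo SAFE
        return 0
    fi
    # Group-writable. It only helps an attacker who is in that group; the
    # advisory's case is group root with the container user holding gid 0.
    if [ "$(file_group "$f")" = root ] && in_root_group; then
        echo EXPLOITABLE
    else
        echo WRITABLE
    fi
    return 1
}

# harden_passwd FILE -> the fix a rebuilt image needs: clear the group write
# bit so the file is owner-writable only (0644).
harden_passwd() {
    chmod g-w "$1"
}

# Stand-alone use: audit the real file, then list its UID-0 accounts.
audit_passwd "${1:-/etc/passwd}" || :
uid0_accounts "${1:-/etc/passwd}" 2>/dev/null || :
```

Run it inside the image under test (for example with `podman run --rm IMAGE sh -s < audit.sh`) as the image's default, non-root user: EXPLOITABLE reproduces the advisory's precondition, WRITABLE means the file is still mis-permissioned but this user cannot use it, and a second name from `uid0_accounts` is the post-exploitation indicator. In a Containerfile the equivalent of `harden_passwd` is a `RUN chmod 644 /etc/passwd` step after whatever step creates the file.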
Statement
Red Hat Product Security has rated this vulnerability as moderate severity for affected products that run on OpenShift. The flaw allows privilege escalation within a container, but OpenShift's default, multi-layered security posture effectively mitigates that risk. The primary controls are the default Security Context Constraints (SCC), which restrict a container's permissions from the start, and SELinux, which enforces mandatory access control to keep containers strictly isolated. Other container runtime environments may offer different controls and require case-by-case analysis, but OpenShift's built-in defenses are designed to prevent this type of attack. The out-of-the-box RHEL configuration isolates a single process inside a container; unless multiple processes are packaged into one container, which defeats the principle behind containerization, this bug cannot be used to meaningfully escalate privileges. In addition, RHEL and other common Linux distributions do not add any additional users to the root group: the root group exists only to conform with POSIX permission management requirements and can be considered an artifact of filesystem permission limitations.
Affected packages
| Platform | Package | State | Advisory | Release date |
|---|---|---|---|---|
| Red Hat AMQ Broker 7 | amq-broker-init-rhel8 | Will not fix | | |
| Red Hat AMQ Broker 7 | amq-broker-init-rhel9 | Affected | | |
| Red Hat AMQ Broker 7 | amq-broker-rhel8 | Will not fix | | |
| Red Hat AMQ Broker 7 | amq-broker-rhel9 | Affected | | |
| RHEL-9 based Middleware Containers | amq7/amq-broker-init-rhel9 | Fixed | RHSA-2025:17562 | 08.10.2025 |
| RHEL-9 based Middleware Containers | amq7/amq-broker-rhel9 | Fixed | RHSA-2025:17562 | 08.10.2025 |
| RHEL-9 based Middleware Containers | amq7/amq-broker-rhel9-operator | Fixed | RHSA-2025:17562 | 08.10.2025 |
| RHEL-9 based Middleware Containers | amq7/amq-broker-rhel9-operator-bundle | Fixed | RHSA-2025:17562 | 08.10.2025 |
| RHEL-9 based Middleware Containers | amq7-tech-preview/amq-broker-console-plugin-rhel9 | Fixed | RHSA-2025:17562 | 08.10.2025 |
| RHEL-9 based Middleware Containers | amq7-tech-preview/amq-broker-jolokia-api-server-rhel9 | Fixed | RHSA-2025:17562 | 08.10.2025 |
Additional information
CVSS3 score: 6.4 Medium