Description
A vulnerability was found in the netavark package, a network stack for containers used with Podman. Because the dns.podman search domain was removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When a container is created with a given name, that name is used as the hostname of the container itself. Because Podman's search domain is no longer added, the container uses the host's resolv.conf, and the DNS resolver tries the search domains listed in it. If one of those domains contains a name that matches the hostname of the running container, the connection is forwarded to unexpected external servers.
Report
This vulnerability has been rated as having a Low security impact by the Red Hat Product Security team. For an attack to be successful, the attacker needs to control the domains used in the host's resolv.conf and to have prior knowledge of the hostnames and connections used by the running containers. Additionally, the attacker does not have full control over the amount or sensitivity of the data sent by the container to the attacker-controlled host, and TLS validation may prevent the container from connecting to the malicious domain.
Mitigation
As a proactive mitigation, configure containers to have hostnames formatted as .dns.podman. This specific naming convention will prevent aardvark-dns from forwarding these queries to external search domains, thereby reducing potential exposure or unexpected network behavior associated with such queries.
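The lookup order behind this mitigation, as an added example (not code from Red Hat or the netavark project): it models the glibc search-list rules (`search`, `ndots`) on a constructed host resolv.conf and shows which name is queried first. The function names are hypothetical, and the mitigated hostname is assumed to be the container name followed by `.dns.podman`.

```python
# Added example; resolv.conf content and container names are constructed.
PODMAN_SUFFIX = ".dns.podman"  # suffix named in the mitigation above

SAMPLE_RESOLV_CONF = """\
# constructed host resolv.conf
search corp.example.com example.net
nameserver 192.0.2.53
"""


def parse_resolv_conf(text):
    """Return (search_domains, ndots) from resolv.conf content."""
    search, ndots = [], 1  # glibc default: ndots 1
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "#;":
            continue
        if fields[0] in ("search", "domain"):  # the last such line wins
            search = [d.rstrip(".").lower() for d in fields[1:]]
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:") and opt[6:].isdigit():
                    ndots = int(opt[6:])
    return search, ndots


def lookup_order(name, search, ndots):
    """Names the stub resolver tries, in order (glibc search-list rules)."""
    if name.endswith("."):  # absolute name: never search-expanded
        return [name.rstrip(".").lower()]
    name = name.lower()
    expanded = [f"{name}.{domain}" for domain in search]
    return [name] + expanded if name.count(".") >= ndots else expanded + [name]


def audit(names, resolv_conf_text):
    """Map each name to its lookup order and whether the first query stays in dns.podman."""
    search, ndots = parse_resolv_conf(resolv_conf_text)
    report = {}
    for name in names:
        order = lookup_order(name, search, ndots)
        report[name] = {"order": order, "first_in_dns_podman": order[0].endswith(PODMAN_SUFFIX)}
    return report


if __name__ == "__main__":
    for name, result in audit(["web", "web.dns.podman"], SAMPLE_RESOLV_CONF).items():
        print(name, result)
```

With a raised `ndots` (for example `options ndots:5`), a three-label name is search-expanded before it is tried as-is, so check the value in effect inside the container.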
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 10 | netavark | Fix deferred | | |
Red Hat Enterprise Linux 8 | container-tools:rhel8/containers-common | Fix deferred | | |
Red Hat Enterprise Linux 8 | container-tools:rhel8/netavark | Fix deferred | | |
Red Hat Enterprise Linux 9 | netavark | Fix deferred | | |
Red Hat OpenShift Container Platform 4 | rhcos | Fix deferred | | |
Additional information
Status:
EPSS
CVSS3: 3.7 Low