Recently, a new vulnerability targeting Docker services was disclosed.
In short, the Docker service relies on another component called runc, the container runtime that spawns and runs containers. Put simply, if Docker's job is to build images, runc's job is to run them: it creates the container and attaches a process to it.
What is this Vulnerability:
According to the recent disclosure by the maintainers of runc, the runtime contained a bug that attackers can use to gain root-level access to the host machine on which the Docker containers are running.
How it can be Exploited:
This vulnerability can be exploited in two ways: (1) if the Docker image in use is vulnerable, the containers built from it are vulnerable as well; (2) if an attacker has somehow gained access to a container, they can use the bug in runc from inside it to try to obtain root privileges.
Solution to Fix the Vulnerability:
CentOS/Red Hat
- Update Docker to the latest version, 18.09.2
AWS
- Update Docker to the latest version, 18.06.1ce
Note: In an AWS environment, you may need to disable the /etc/yum/pluginconf.d/update-motd.conf plugin by changing its value from "1" to "0" in order to see the available AWS package.
Recommended Step:
Along with the package update, we should also consider running containers as a non-root user rather than as root, because the vulnerability is exploited when the process inside the container runs as UID 0, i.e. with root privileges.
So when you use a Compose file to define your services, make sure to define a dedicated user to run each container; that user also needs to exist on the server where those containers will run.
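As an added example (not code from the original post), a small POSIX shell audit that reads a constructed docker-compose.yml, flags services that would still run as root, and checks that the user named in a service also exists on the host. The helper names audit_compose and host_user_exists are hypothetical, and the parser only understands the simple two-space-indented layout shown.

```shell
#!/bin/sh
# Constructed sample Compose file (not from the original post): one service
# left at the default (root) and one service given a dedicated user.
SAMPLE_COMPOSE="${TMPDIR:-/tmp}/runc-audit-sample.yml"
cat > "$SAMPLE_COMPOSE" <<'EOF'
version: "3"
services:
  web:
    image: nginx:1.15
    ports:
      - "8080:80"
  worker:
    image: python:3.7
    user: appuser
    command: python worker.py
EOF

# Print one line per service saying whether it would run as UID 0.
# Hypothetical helper: only handles services at 2-space and keys at 4-space indent.
audit_compose() {
  awk '
    function report() {
      if (user == "" || user == "root" || user ~ /^0(:|$)/)
        printf "%s: runs as root (UID 0) - add a user: entry\n", svc
      else
        printf "%s: ok (user %s)\n", svc, user
    }
    /^services:/            { in_svc = 1; next }
    in_svc && /^[^ ]/       { in_svc = 0 }
    in_svc && /^  [^ ]+:/   { if (svc != "") report(); svc = $1; sub(/:$/, "", svc); user = "" }
    in_svc && /^    user:/  { user = $2; gsub(/"/, "", user) }
    END                     { if (svc != "") report() }
  ' "$1"
}

# The account named in user: must also exist on the host that runs the container.
host_user_exists() {
  id "$1" >/dev/null 2>&1
}

audit_compose "$SAMPLE_COMPOSE"
host_user_exists appuser || echo "appuser is missing on this host; create it before deploying"
```

Run it against your own Compose file by passing its path to audit_compose instead of the constructed sample.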
Linuxforeveryone started with the focus of solving the Linux-related issues a sysadmin faces every day. So, as a system admin, whatever I learn through my experience I try to write down for the rest of the open-source community.
If you appreciate what you have read, or this blog write-up helped you, you can consider buying me a COFFEE; this will help me keep writing and helping the community further.