Kubernetes, Docker, ContainerD Impacted by RunC Container Runtime Bug | Linux.com
The flaw, tracked as CVE-2019-5736, allows an infected container to overwrite the host runC binary and gain root-level code execution on the host. This would essentially allow the infected container to take control of the underlying host and let an attacker execute any command.
“It is quite likely that most container runtimes are vulnerable to this flaw, unless they took very strange mitigations beforehand,” explained Aleksa Sarai, a senior software engineer at SUSE and a maintainer for runC, in an email posted on Openwall. Sarai added that the flaw is blocked by the correct implementation of user namespaces “where the host root is not mapped into the container’s user namespace.”
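The mitigation Sarai describes is checkable from the host. Each process exposes its user-namespace mapping in `/proc/<pid>/uid_map`, one line per range in the form `<id inside ns> <id outside ns> <length>`; when read from the host's initial user namespace, the "outside" ids are host uids, so any range whose outside ids cover 0 means the container's root is the host's root and this defence is absent. The following is an added example (not code from the article, from SUSE or from the runC project) that parses that file format and reports whether host root is mapped; the sample mappings and the `check_pid` helper are constructed for illustration.

```python
"""Report whether host uid 0 is mapped into a process's user namespace.

Added example; not part of the Linux.com article or of runC. It reads the
kernel's /proc/<pid>/uid_map format, whose lines are
"<id inside ns> <id outside ns> <length>". Read from the host's initial
user namespace, "outside" ids are host uids, so a range covering host
uid 0 means the container runs as real host root (no user-namespace
remapping). Run it on the host, not from inside the container, or the
"outside" column refers to the wrong namespace.
"""
from dataclasses import dataclass
from pathlib import Path
from typing import List


@dataclass(frozen=True)
class IdMapping:
    inside: int   # first id as seen inside the namespace
    outside: int  # first id as seen by the reader's (host) namespace
    length: int   # number of consecutive ids in this range

    def maps_outside(self, outside_id: int) -> bool:
        """True if outside_id (a host uid) falls inside this range."""
        return self.outside <= outside_id < self.outside + self.length


def parse_uid_map(text: str) -> List[IdMapping]:
    """Parse the contents of /proc/<pid>/uid_map into IdMapping entries.

    An empty file is valid (the namespace has no mappings yet) and yields [].
    """
    mappings: List[IdMapping] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"uid_map line {lineno}: expected 3 fields, got {fields!r}")
        inside, outside, length = (int(f) for f in fields)
        if length <= 0 or inside < 0 or outside < 0:
            raise ValueError(f"uid_map line {lineno}: invalid range {line!r}")
        mappings.append(IdMapping(inside, outside, length))
    return mappings


def host_root_mapped(uid_map_text: str) -> bool:
    """True if host uid 0 is reachable from inside the namespace."""
    return any(m.maps_outside(0) for m in parse_uid_map(uid_map_text))


def check_pid(pid: int) -> bool:
    """Read /proc/<pid>/uid_map from the host and apply host_root_mapped.

    Constructed helper for this example; the pid is whatever process runs in
    the container you want to inspect (e.g. its init, from `docker inspect`).
    """
    return host_root_mapped(Path(f"/proc/{pid}/uid_map").read_text())


# Constructed sample mappings (format as the kernel prints it).
NO_USERNS = "         0          0 4294967295\n"   # identity map: root is host root
REMAPPED  = "         0     100000      65536\n"   # container root -> host uid 100000
SPLIT_MAP = "0 1000 1\n1 100001 65535\n"           # root -> host uid 1000, rest remapped

if __name__ == "__main__":
    for name, sample in (("no userns", NO_USERNS), ("remapped", REMAPPED), ("split", SPLIT_MAP)):
        verdict = "host root MAPPED" if host_root_mapped(sample) else "host root not mapped"
        print(f"{name:10s}: {verdict}")
```

A mapping such as `0 100000 65536` is what a runtime configured with user-namespace remapping produces: uid 0 inside the container is host uid 100000, so a process in the container that manages to write through to the host's runC binary does so without host root privileges. The identity mapping `0 0 4294967295` is what an un-namespaced container shows and is the condition under which Sarai's mitigation does not apply.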
A patch for the flaw has been developed and is being sent out to the runC community. Numerous vendors and cloud providers have already taken steps to implement the patch.
Read more at SDx Central