Privilege escalation vulnerability patched in Docker Desktop for Windows


A severe privilege escalation vulnerability has been patched in the Windows Docker Desktop Service. 

On Friday, cybersecurity researchers from Pen Test Partners publicly disclosed the problem, a privilege escalation vulnerability buried in how the software uses pipes. 


The vulnerability, tracked as CVE-2020-11492, was discovered after analyzing how Docker Desktop for Windows -- the primary service platform for Docker -- uses named pipes when communicating as a client to child processes. 


According to the team, the software "can be tricked into connecting to a named pipe that has been set up by a malicious lower privilege process." 


"Once the connection is made, the malicious process can then impersonate the Docker Desktop Service account (SYSTEM) and execute arbitrary system commands with the highest level privileges," the researchers added.

The download and installation of Docker Desktop for Windows includes a Windows service called Docker Desktop Service that is always running by default in preparation for the software to launch. 


Once opened, the Docker software will create a number of child processes to manage functions including image creation. Windows named pipes are used to facilitate inter-process communication (IPC) including the transfer of application-specific data.



The server end of a named pipe is able to impersonate the connecting client's account, which "allows the service to drop its credentials in favor of the connecting client," Pen Test Partners notes, and while this is a l ..
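One defensive pattern for the client side of the behaviour described above, as an added example that is not code from the article, Pen Test Partners or Docker, and not a description of the patch Docker shipped: a privileged .NET pipe client that caps the impersonation level at Identification and checks which process owns the server end before sending anything. The pipe name and expected executable path are hypothetical, caller-supplied values.

```csharp
using System;
using System.Diagnostics;
using System.IO;
using System.IO.Pipes;
using System.Runtime.InteropServices;
using System.Security.Principal;
using Microsoft.Win32.SafeHandles;

static class HardenedPipeClient
{
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool GetNamedPipeServerProcessId(SafePipeHandle pipe, out uint serverProcessId);

    // pipeName and expectedServerExe are hypothetical values supplied by the caller.
    public static NamedPipeClientStream Connect(string pipeName, string expectedServerExe, int timeoutMs = 5000)
    {
        // Identification lets the server query who the client is, but a token
        // obtained through impersonation cannot be used to act as the client.
        var client = new NamedPipeClientStream(".", pipeName, PipeDirection.InOut,
            PipeOptions.None, TokenImpersonationLevel.Identification);
        try
        {
            client.Connect(timeoutMs);

            // Second check: confirm the process that created the pipe is the expected binary.
            if (!GetNamedPipeServerProcessId(client.SafePipeHandle, out uint pid))
                throw new IOException("GetNamedPipeServerProcessId failed: " + Marshal.GetLastWin32Error());

            using (Process server = Process.GetProcessById((int)pid))
            {
                string path = server.MainModule.FileName;
                if (!string.Equals(path, expectedServerExe, StringComparison.OrdinalIgnoreCase))
                    throw new UnauthorizedAccessException("Unexpected pipe server: " + path);
            }
            return client;
        }
        catch
        {
            client.Dispose(); // never hand back a pipe whose server failed verification
            throw;
        }
    }

    static void Main(string[] args)
    {
        // Usage: HardenedPipeClient <pipeName> <fullPathOfExpectedServerExe>
        using (NamedPipeClientStream pipe = Connect(args[0], args[1]))
            Console.WriteLine("Server process verified; connected at Identification level.");
    }
}
```

The impersonation cap is the primary control, since it holds even when the server turns out to be a process other than the intended one; the executable-path check is defence in depth.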
