Researchers Publish PoC for Docker Escape Bug

Security researchers are urging Docker customers to upgrade to the latest version after detailing a proof-of-concept (PoC) attack exploiting a critical vulnerability, which could lead to full container escape.

The CVE-2019-14271 flaw was fixed in Docker version 19.03.1, but if left unpatched could give an attacker full root code execution on the host.

“The vulnerability can be exploited, provided that a container has been compromised by a previous attack (e.g. through any other vulnerability, leaked secrets, etc.), or when a user runs a malicious container image from an untrusted source (registry or other),” explained Palo Alto Networks senior security researcher, Yuval Avrahami.

“If the user then executes the vulnerable cp command to copy files out of the compromised container, the attacker can escape and take full root control of the host and all other containers in it.”

It has been described as one of the most serious of several vulnerabilities related to the copy (cp) command detected in various container platforms such as Docker, Podman and Kubernetes over the past few years.

It’s also the first container breakout flaw since the runC vulnerability was discovered back in February.

Avrahami urged Docker developers to restrict their attack surface by never running untrusted images, and recommended they run containers as a non-root user, when root is ..
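An added defender-side check, not from the article or from Docker itself: a POSIX sh snippet that compares a running dockerd's version against the 19.03.1 fix version quoted above, since the daemon (not the CLI) performs the `docker cp` that the flaw abuses. The function names are mine, and `docker version --format '{{.Server.Version}}'` is assumed to be available.

```shell
#!/bin/sh
# Added example: decide whether a dockerd version predates the
# CVE-2019-14271 fix shipped in Docker 19.03.1.
FIXED_VERSION="19.03.1"

# version_lt A B -> exit status 0 when A is numerically lower than B.
# Suffixes such as "-ce" or "+azure" are stripped before comparing
# major.minor.patch as integers, so "19.03.2-ce" is not below "19.03.1".
version_lt() {
    a=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')
    b=$(printf '%s' "$2" | sed 's/[^0-9.].*$//')
    awk -v a="$a" -v b="$b" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            xi = (i <= n) ? x[i] + 0 : 0
            yi = (i <= m) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1
    }'
}

# vulnerable_to_cve_2019_14271 VERSION -> 0 if the version lacks the fix.
vulnerable_to_cve_2019_14271() {
    version_lt "$1" "$FIXED_VERSION"
}

# Live check against the local daemon. The server version is what matters:
# dockerd, not the client, handles docker cp.
# Usage: . ./check.sh && check_local_daemon
check_local_daemon() {
    v=$(docker version --format '{{.Server.Version}}' 2>/dev/null) || {
        echo "docker daemon not reachable"; return 2; }
    if vulnerable_to_cve_2019_14271 "$v"; then
        echo "dockerd $v predates the $FIXED_VERSION fix: upgrade before copying files out of untrusted containers"
        return 1
    fi
    echo "dockerd $v includes the CVE-2019-14271 fix"
    return 0
}
```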
