Showing Posts About
Docker
-
Mohit Gupta - 10 Apr 2024
Abusing search permissions on Docker directories for privilege escalation
A privilege escalation vulnerability was discovered in Docker environments where the /var/lib/docker directory has search permissions for other users. Low-privileged attackers can access container filesystems by exploiting these permissions. By modifying container startup scripts and leveraging host reboot capabilities, attackers can potentially gain root access on the host system.
- Mohit Gupta
- 2 Feb 2024
runc working directory breakout (CVE-2024-21626)
A critical vulnerability in runc (CVE-2024-21626) allows attackers to break out of container filesystems by exploiting a file descriptor leak. The flaw enables setting a container's working directory to the host filesystem, potentially granting unauthorized access to host systems in Kubernetes and containerized environments. Attackers can leverage this vulnerability to access host filesystems, execute malicious code, and potentially compromise multi-tenant Kubernetes clusters.
- 11 Jun 2020
Abusing access to mount namespaces through /proc/pid/root
Linux namespaces can be abused for privilege escalation in containerized environments. Two key attack vectors are demonstrated: creating block devices in Docker containers to bypass access controls and exploiting symlink vulnerabilities through mount and user namespaces. The research highlights potential security risks in container configurations and namespace implementations.