SB2020012601 - Improper access control in containerd (Alpine package)
Published: January 26, 2020
Security Bulletin ID
SB2020012601
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper access control (CVE-ID: CVE-2019-19921)
The vulnerability allows a local user to gain unauthorized access to sensitive information.
The vulnerability exists due to improper access restrictions, related to libcontainer/rootfs_linux.go in runc. A local user with ability to spawn two containers with custom volume-mount configurations, and run custom images can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=c64d2552678a7126d5e1d18ac54ea0ee126298d9
- https://git.alpinelinux.org/aports/commit/?id=76ff73346d335f4b22bc7ec01966172596ac8910
- https://git.alpinelinux.org/aports/commit/?id=3b2d519d19eed612aeaf0a62ee9003e23cbe7c2f
- https://git.alpinelinux.org/aports/commit/?id=ca936aa88735c8b55f9745593fe8ce90f29bee9a
- https://git.alpinelinux.org/aports/commit/?id=2259e688837770f6e1826fd6f550fda6446c4465