How secure is Docker? If you're not running version 1.3.2, Not VERY (opens in new tab)

(theregister.co.uk)

3 pointslabianchin11y ago4 comments

4 comments

Can somebody explain what is the risk with such security issues if you own the containers?

The breakout risk with both is with malicious images, not with malicious processes running in those images. Furthermore, the archive path-traversal issue is dangerous because it is exploitable by merely downloading images, even if they're not run.

Still, if you own all the container images that you're consuming or only use the official builds, the risk is minimal. Mind you that some users intentionally run containers with elevated privileges via the '--privileged' flag.

However, if you're running Docker 1.3.0 or older, you're also vulnerable to MITM attacks against the registry, potentially compromising images as they're downloaded. It's highly advised that everyone upgrade.

preillyme11y ago

Up to and including version 1.3.1, was vulnerable to extracting files to arbitrary paths on the host during ‘docker pull’ and ‘docker load’ operations. This was caused by symlink and hardlink traversals present in Docker's image extraction. This vulnerability could be leveraged to perform remote code execution and privilege escalation.

preillyme11y ago

Docker versions 1.3.0 through 1.3.1 allowed security options to be applied to images, allowing images to modify the default run profile of containers executing these images. This vulnerability could allow a malicious image creator to loosen the restrictions applied to a container’s processes, potentially facilitating a break-out.

j / k navigate · click thread line to collapse

4 comments

labianchinOP11y ago

Can somebody explain what is the risk with such security issues if you own the containers?

ewindisch11y ago

preillyme11y ago

j / k navigate · click thread line to collapse