The flaws were discovered in November 2023 by Snyk security researcher Rory McNamara, who reported them to the affected maintainers so fixes could be prepared before disclosure.
Snyk has seen no signs of the Leaky Vessels flaws being exploited in the wild, but public disclosure tends to change that quickly, so administrators of affected systems are advised to apply the available security updates as soon as possible.
Containers are applications packaged together with all the code, executables, and runtime dependencies they need to run.
Platforms like Docker and Kubernetes execute these containers in isolated environments built from kernel namespaces and cgroups; unlike virtual machines, containers share the host's kernel, which is why a flaw in the runtime or the build tooling can expose the host itself.
Container escape occurs when an attacker or a malicious application breaks out of the isolated container environment and gains unauthorized access to the host system or other containers.
Because runc and BuildKit sit underneath a wide range of popular container tooling, including Docker and Kubernetes (which reaches runc through container runtimes such as containerd), the number of systems exposed to these bugs is far larger than the two projects' names suggest.
CVE-2024-21626: An order-of-operations flaw in runc. runc leaked an internal file descriptor (opened on the host's /sys/fs/cgroup) into the container's initial process, and because the working directory requested for that process (the Dockerfile WORKDIR, or the --workdir option of docker exec) is applied while the descriptor is still open, a working directory of /proc/self/fd/<N> lands the process in a directory on the host filesystem.
It allows a malicious image, or an attacker who can run a command in a container, to escape the container's isolation and gain unauthorized access to the host operating system, potentially compromising the entire system.
CVE-2024-23651: A race condition in BuildKit's handling of cache mounts (RUN --mount=type=cache) during a build, which a malicious Dockerfile could use to reach files on the host outside the cache directory, gaining unauthorized access or disrupting normal build operations.
CVE-2024-23652: A flaw in BuildKit's cleanup of the stub directories it creates for RUN --mount targets, which allowed a malicious Dockerfile to cause arbitrary files or directories on the host to be deleted when the build step's container is torn down.
CVE-2024-23653: Inadequate privilege checks in BuildKit's gRPC API for interactive containers, which let a build frontend start a container in privileged mode without the security.insecure entitlement having been granted.
It could permit attackers to execute actions beyond their permissions, leading to privilege escalation or unauthorized access to sensitive data on the build host.
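The runc bug above turns on the working directory handed to the container's first process, so one check a practitioner can run over a Dockerfile (or over the Config.WorkingDir of an image) is whether any WORKDIR resolves into /proc/self/fd or /proc/<pid>/fd. The scanner below is an example added for this page; it is not Snyk's or the runc project's code, and the Dockerfile it scans is a constructed sample. It joins backslash-continued lines, resolves relative WORKDIRs against the previous one (an approximation of Docker's behaviour, which also inherits the base image's WORKDIR), and reports the logical line number of each hit.

```python
import posixpath
import re

# Indicator for CVE-2024-21626: a working directory inside the container's
# own file-descriptor table, which can resolve to a leaked host directory.
_PROC_FD = re.compile(r"^/proc/(self|\d+)/fd(/|$)")


def is_proc_fd_path(path):
    """True if a normalized path points into /proc/self/fd or /proc/<pid>/fd."""
    return _PROC_FD.match(posixpath.normpath(path)) is not None


def _logical_lines(text):
    """Join backslash-continued lines; drop blank lines and '#' comments."""
    lines, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        lines.append((buf + line).strip())
        buf = ""
    if buf:
        lines.append(buf.strip())
    return lines


def find_suspicious_workdirs(dockerfile_text):
    """Return [(logical_line_no, resolved_path)] for every WORKDIR that
    resolves into a /proc/*/fd directory. Relative WORKDIRs are joined to the
    previous one; each FROM resets the directory to '/' (approximation: a base
    image may carry its own WORKDIR, which this scanner cannot see)."""
    findings = []
    cwd = "/"
    for no, line in enumerate(_logical_lines(dockerfile_text), 1):
        if re.match(r"(?i)^FROM\b", line):
            cwd = "/"
            continue
        m = re.match(r"(?i)^WORKDIR\s+(.+)$", line)
        if not m:
            continue
        target = m.group(1).strip().strip('"')
        cwd = posixpath.normpath(posixpath.join(cwd, target))
        if is_proc_fd_path(cwd):
            findings.append((no, cwd))
    return findings


# Constructed sample Dockerfile (not from any real image): the first WORKDIR is
# ordinary, the second is the /proc/self/fd indicator split across two
# instructions so a naive grep for "WORKDIR /proc" would miss it.
SAMPLE_DOCKERFILE = """\
FROM alpine:3.19
WORKDIR /app
COPY . .
# a relative WORKDIR is resolved against the previous one
WORKDIR /proc/self
WORKDIR fd/8
RUN echo build
"""

if __name__ == "__main__":
    for no, path in find_suspicious_workdirs(SAMPLE_DOCKERFILE):
        print(f"suspicious WORKDIR at logical line {no}: {path}")
```

The same is_proc_fd_path check applies to an image's Config.WorkingDir (visible with docker inspect) and to the --workdir argument of docker exec, which the runc advisory lists as the other way to trigger the bug. A clean scan is not proof of safety: the fix is to run runc 1.1.12 or later.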
BuildKit and runc are widely used by popular projects like Docker and by multiple Linux distributions.
On January 31, 2024, BuildKit fixed its three flaws in version 0.12.5, and runc addressed CVE-2024-21626 in version 1.1.12.
Docker released Docker Desktop 4.27.0 on the same day, and shipped the patched components in its Moby engine as versions 25.0.1 and 24.0.8.
Amazon Web Services, Google Cloud, and Ubuntu also published relevant security bulletins, guiding users through the appropriate steps to resolve the flaws in their software and services.
Finally, CISA also published an alert urging cloud system admins to take the appropriate action to secure their systems from potential exploitation.
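Since the remediation is a version bump, the useful check is whether the runc, BuildKit and Docker Engine on a host are at or above the fixed releases named above. The script below is an example added for this page, not code from Snyk, Docker or the runc project. It assumes the usual version commands (runc --version, buildctl --version, docker version --format '{{.Server.Version}}') and the sample outputs it parses are constructed; it treats a release as fixed when it is at least the fixed version of its own major.minor line, or on a newer line than any listed fix.

```python
import re
import shutil
import subprocess

# Fixed releases named in the article (Docker Engine has two maintained lines).
FIXED = {
    "runc": [(1, 1, 12)],
    "buildkit": [(0, 12, 5)],
    "docker": [(24, 0, 8), (25, 0, 1)],
}

# Assumed version commands for each component (not asserted by the article).
VERSION_COMMANDS = {
    "runc": ["runc", "--version"],
    "buildkit": ["buildctl", "--version"],
    "docker": ["docker", "version", "--format", "{{.Server.Version}}"],
}


def parse_version(text):
    """Return the first dotted x.y.z in a tool's version output as an int tuple."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(x) for x in m.groups())


def is_fixed(component, version):
    """True if `version` carries the fix for `component`.
    Same major.minor line as a fixed release: compare patch levels.
    A line newer than every listed fix is assumed to include it; an older
    line (e.g. Docker 23.0.x) is reported as unfixed."""
    fixed_releases = sorted(FIXED[component])
    for fixed in fixed_releases:
        if version[:2] == fixed[:2]:
            return version >= fixed
    return version[:2] > fixed_releases[-1][:2]


def evaluate_outputs(outputs):
    """Map component -> (parsed version, fixed?) from raw version-command output."""
    return {name: (parse_version(out), is_fixed(name, parse_version(out)))
            for name, out in outputs.items()}


def probe_host():
    """Run the version commands that exist on this host; skip the rest."""
    outputs = {}
    for name, argv in VERSION_COMMANDS.items():
        if shutil.which(argv[0]) is None:
            continue
        proc = subprocess.run(argv, capture_output=True, text=True, check=False)
        try:
            parse_version(proc.stdout + proc.stderr)
        except ValueError:
            continue  # e.g. docker client present but daemon not running
        outputs[name] = proc.stdout + proc.stderr
    return evaluate_outputs(outputs)


# Constructed sample outputs (no real commit hashes): runc and Docker are one
# patch release behind the fix, BuildKit is exactly at it.
SAMPLE_OUTPUTS = {
    "runc": "runc version 1.1.11\ncommit: 0000000\nspec: 1.0.2-dev\n",
    "buildkit": "buildctl github.com/moby/buildkit v0.12.5 0000000\n",
    "docker": "24.0.7\n",
}

if __name__ == "__main__":
    results = probe_host() or evaluate_outputs(SAMPLE_OUTPUTS)
    for name, (version, ok) in sorted(results.items()):
        print(f"{name:8} {'.'.join(map(str, version)):10} {'fixed' if ok else 'VULNERABLE'}")
```

Docker Engine and Docker Desktop bundle their own runc (and BuildKit for docker build), so on a Docker host the version printed by a standalone runc binary is not necessarily the one the daemon uses; the daemon's runc version appears in the output of docker info. Distribution packages that backport the fix without changing the upstream version number also need to be checked against the vendor bulletin rather than this comparison.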
This Cyber News was published on www.bleepingcomputer.com. Publication date: Sun, 04 Feb 2024 15:35:15 +0000