oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: cve request: systemd-machined: information exposure for docker containers

From: CAI Qian <caiqian () redhat com>
Date: Thu, 13 Oct 2016 09:33:21 -0400 (EDT)


----- Original Message -----

From: cve-assign () mitre org
To: caiqian () redhat com
Cc: cve-assign () mitre org, oss-security () lists openwall com
Sent: Tuesday, July 26, 2016 3:24:13 PM
Subject: Re: cve request: systemd-machined: information exposure for docker containers

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


Once docker containers register themselves to systemd-machined
by oci-register-machine. Any unprivileged user could run
machinectl to list every single containers running in the host
even if the containers do not belong to this user (including containers
belong to the root user), and access sensitive information associated
with any individual container including its internal IP address, OS
version, running processes, and file path for its rootfs.

$ machinectl status cc8d10c7b9892b75843d200d54d34a3a
cc8d10c7b9892b75843d200d54d34a3a(63633864313063376239383932623735)
           Since: Mon 2016-07-25 17:55:36 UTC; 34s ago
          Leader: 43494 (sleep)
         Service: docker; class container
            Root:
            /var/mnt/overlay/overlay/0429684e3da515ae4f11b8514c7b20f759613
         Address: 172.17.0.2
                  fe80::42:acff:fe11:2
              OS: Red Hat Enterprise Linux Server 7.2 (Maipo)
            Unit:
            docker-cc8d10c7b9892b75843d200d54d34a3a9435fe0f65527c254ebfd2d
                  43494 sleep 3000


Use CVE-2016-6349.

It turns out this CVE is against oci-register-machine NOT systemd. The fix is here,

https://github.com/projectatomic/oci-register-machine/pull/22

   CAI Qian
Previous By Date Next
Previous By Thread Next

Current thread: