Trending CVEs for the Week of June 3rd, 2019
CVE-2018-15664 – Docker Vulnerability
The BlueKeep vulnerability is still trending on social media, and we extensively covered CVE-2019-0708 in the May 27th and May 20th blog posts. This week, we will talk about CVE-2018-15664, which is the runner-up in the list: Docker is vulnerable to a symlink-race attack.
The API endpoints behind the ‘docker cp’ command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot).
Affected packages are:
- Red Hat OpenShift Container Platform 3.7
- Red Hat OpenShift Container Platform 3.6
- Red Hat Enterprise Linux 7
The following products are still under investigation:
- Red Hat OpenShift Container Platform 3.5
- Red Hat OpenShift Container Platform 3.4
- Red Hat JBoss Fuse 7
Exploitation and Risk
An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator tries to copy a file from/to the container.
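Stopping a container prior to running “docker cp” removes the time-of-check to time-of-use (TOCTOU) vulnerability, because no process inside the container is left running to swap a path component for a symlink while the daemon resolves it.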
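The mitigation above as a shell wrapper (an added example, not code from the original post or from Docker). `safe_docker_cp` is a hypothetical helper name; it assumes the `docker` CLI is on PATH and that briefly stopping the container is acceptable.

```shell
# Added example (not Docker's code): stop the container around `docker cp`.
# Usage: safe_docker_cp SRC DEST   (same argument forms as `docker cp`)
safe_docker_cp() {
    [ "$#" -eq 2 ] || { echo "usage: safe_docker_cp SRC DEST" >&2; return 2; }

    # Find the CONTAINER:PATH argument. "-" and paths starting with "/" or "."
    # are local, even if they contain a colon.
    sdc_spec=$2
    case "$1" in
        -|/*|.*) ;;
        *:*)     sdc_spec=$1 ;;
    esac
    case "$sdc_spec" in
        -|/*|.*) sdc_container= ;;
        *:*)     sdc_container=${sdc_spec%%:*} ;;
        *)       sdc_container= ;;
    esac
    [ -n "$sdc_container" ] || { echo "no CONTAINER:PATH argument" >&2; return 2; }

    # Record whether the container is running so it can be restored afterwards.
    sdc_running=$(docker inspect -f '{{.State.Running}}' "$sdc_container") || return 1

    # With the container stopped, nothing inside it can change the path
    # while the daemon resolves and copies it.
    if [ "$sdc_running" = "true" ]; then
        docker stop "$sdc_container" >/dev/null || return 1
    fi

    sdc_rc=0
    docker cp "$1" "$2" || sdc_rc=$?

    # Restart only what was running before, even when the copy failed.
    if [ "$sdc_running" = "true" ]; then
        docker start "$sdc_container" >/dev/null || sdc_rc=1
    fi
    return "$sdc_rc"
}
```

The wrapper returns the exit status of `docker cp`, or 1 if the container could not be inspected, stopped or restarted.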