Amazon Linux AMI : docker (ALAS-2014-461)

high Nessus Plugin ID 79875

Synopsis

The remote Amazon Linux AMI host is missing a security update.

Description

Path traversal attacks are possible in the processing of absolute symlinks. In checking symlinks for traversals, only relative links were considered. This allowed path traversals to exist where they should have otherwise been prevented. This was exploitable via both archive extraction and through volume mounts. This vulnerability allowed malicious images or builds from malicious Dockerfiles to write files to the host system and escape containerization, leading to privilege escalation. (CVE-2014-9356)

It has been discovered that the introduction of chroot for archive extraction in Docker 1.3.2 had introduced a privilege escalation vulnerability. Malicious images or builds from malicious Dockerfiles could escalate privileges and execute arbitrary code as a root user on the Docker host by providing a malicious 'xz' binary. (CVE-2014-9357)

It has been discovered that Docker does not sufficiently validate Image IDs as provided either via 'docker load' or through registry communications. This allows for path traversal attacks, causing graph corruption and manipulation by malicious images, as well as repository spoofing attacks. (CVE-2014-9358)

Solution

Run 'yum update docker' to update your system.

See Also

https://alas.aws.amazon.com/ALAS-2014-461.html

Plugin Details

Severity: High

ID: 79875

File Name: ala_ALAS-2014-461.nasl

Version: 1.5

Type: local

Agent: unix

Published: 12/15/2014

Updated: 12/12/2019

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:docker, p-cpe:/a:amazon:linux:docker-devel, p-cpe:/a:amazon:linux:docker-pkg-devel, cpe:/o:amazon:linux

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Patch Publication Date: 12/11/2014

Vulnerability Publication Date: 12/16/2014

Reference Information

CVE: CVE-2014-9356, CVE-2014-9357, CVE-2014-9358

ALAS: 2014-461