IBM Cloud Kubernetes Service is affected by a security vulnerability in runc which could allow an attacker that is authorized to run a process as root inside a container to execute arbitrary commands with root privileges on the container’s host system.
CVE(s): CVE-2019-5736
Affected product(s) and affected version(s):
All versions of IBM Cloud Kubernetes Service are impacted.
Authenticated users on all versions that are authorized to run a process as root (UID 0) inside a container can exploit the vulnerability in runc. This can be done by running a container with a malicious image, or by any other means by which commands can be executed in a container, for example, kubectl exec. This exploit enables a malicious user to gain root privileges on the host running the container. Containers that cannot run processes as root are not exploitable.
To help mitigate this vulnerability, you are highly encouraged to configure pod security policies in your cluster to prevent container processes from running as root.
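To find workloads that such a policy would affect, the following added example (not part of the IBM bulletin) audits pod specs for containers that are not pinned to a non-root user. It assumes input shaped like `kubectl get pods -A -o json`; the sample data and the function names are constructed for illustration.

```python
# Added example: flag containers that may run as UID 0 from pod specs.
# SAMPLE is constructed data shaped like `kubectl get pods -A -o json` output.
SAMPLE = {"items": [
    {"metadata": {"namespace": "default", "name": "web"},
     "spec": {"containers": [{"name": "nginx"}]}},
    {"metadata": {"namespace": "prod", "name": "api"},
     "spec": {"securityContext": {"runAsNonRoot": True, "runAsUser": 1000},
              "containers": [{"name": "app"},
                             {"name": "sidecar",
                              "securityContext": {"runAsUser": 0}}]}},
    {"metadata": {"namespace": "prod", "name": "worker"},
     "spec": {"securityContext": {"runAsNonRoot": True},
              "initContainers": [{"name": "init",
                                  "securityContext": {"runAsNonRoot": False}}],
              "containers": [{"name": "job"}]}},
]}


def effective(pod_sc, ctr_sc, key):
    """A container-level securityContext field overrides the pod-level one."""
    return ctr_sc.get(key, pod_sc.get(key))


def root_status(pod_sc, ctr_sc):
    uid = effective(pod_sc, ctr_sc, "runAsUser")
    if uid == 0:
        return "root"        # spec explicitly requests UID 0
    if uid is not None:
        return "non-root"    # explicit non-zero UID
    if effective(pod_sc, ctr_sc, "runAsNonRoot") is True:
        return "non-root"    # kubelet refuses to start the container as UID 0
    return "unknown"         # image default user decides, which may be root


def audit(pod_list):
    """Return (namespace, pod, container, status) for containers not pinned to non-root."""
    findings = []
    for pod in pod_list["items"]:
        meta, spec = pod["metadata"], pod["spec"]
        pod_sc = spec.get("securityContext") or {}
        for ctr in spec.get("initContainers", []) + spec.get("containers", []):
            status = root_status(pod_sc, ctr.get("securityContext") or {})
            if status != "non-root":
                findings.append((meta["namespace"], meta["name"], ctr["name"], status))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

Containers reported as `unknown` fall back to the image's default user, so they need either an explicit non-root setting or a check of the image itself.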
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10871600
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/156819
The post IBM Security Bulletin: IBM Cloud Kubernetes Service is affected by a privilege escalation vulnerability in runc appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2HbgUcc