
RunC Vulnerability Gives Attackers Root Access on Docker, Kubernetes Hosts

A container breakout security flaw found in the runc container runtime allows malicious containers (with minimal user interaction) to overwrite the host runc binary and gain root-level code execution on the host machine.

runc is an open source command line utility designed to spawn and run containers and, at the moment, it is used as the default runtime for containers with Docker, containerd, Podman, and CRI-O.

According to Aleksa Sarai, Senior Software Engineer (Containers), SUSE Linux GmbH, one of the runc maintainers:

The level of user interaction is being able to run any command (it doesn't matter if the command is not attacker-controlled) as root within a container in either of these contexts:

* Creating a new container using an attacker-controlled image.
* Attaching (docker exec) into an existing container which the attacker had previous write access to.

The vulnerability found by security researchers Adam Iwaniuk and Borys Popławski is now tracked as CVE-2019-5736 and it is...(continued)
