Good news ! Hackbusters community is waiting for you !  https://discuss.hackbusters.com
KnowBe4 has been running the HackBusters site for a few years now, providing you with trending IT security news. We are expanding it and have launched a new exciting online community! The forum is divided into four main topics or categories: Social Engineering, Ransomware, Phishing and Security Awareness Training. You are invited to be one of the first to join us at: https://discuss.hackbusters.com.

High Severity RunC Vulnerability Exposes Docker And Kubernetes Hosts

Tripwire-security-news-800x450d-with_logo_c

Often claimed as a worst-case scenario, a container breakout vulnerability has been discovered in RunC, the universal container runtime used by Docker, Kubernetes and other containerization systems.

Further research has discovered that a similar version of the same vulnerability affects the LXC and Apache Mesos packages. Identified as CVE-2019-5736, this vulnerability grants root access to host systems running all of the most popular containerization technologies.

A container breakout occurs when a malicious Docker image or container exploits a vulnerability in order to achieve a level of access on the host system. While extremely rare, it has been years since a container breakout vulnerability has been disclosed in a core component of Docker – that streak has now ended.

This vulnerability allows a container to overwrite the RunC binary and gain root level code execution access with minimal user interaction. This vulnerability can be exploited in the following ways:

...(continued)
View All Trending Stories