Date: Thu, 13 Oct 2016 09:33:21 -0400 (EDT) From: CAI Qian <caiqian@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: cve request: systemd-machined: information exposure for docker containers ----- Original Message ----- > From: cve-assign@...re.org > To: caiqian@...hat.com > Cc: cve-assign@...re.org, oss-security@...ts.openwall.com > Sent: Tuesday, July 26, 2016 3:24:13 PM > Subject: Re: cve request: systemd-machined: information exposure for docker containers > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > > Once docker containers register themselves to systemd-machined > > by oci-register-machine. Any unprivileged user could run > > machinectl to list every single containers running in the host > > even if the containers do not belong to this user (including containers > > belong to the root user), and access sensitive information associated > > with any individual container including its internal IP address, OS > > version, running processes, and file path for its rootfs. > > > > $ machinectl status cc8d10c7b9892b75843d200d54d34a3a > > cc8d10c7b9892b75843d200d54d34a3a(63633864313063376239383932623735) > > Since: Mon 2016-07-25 17:55:36 UTC; 34s ago > > Leader: 43494 (sleep) > > Service: docker; class container > > Root: > > /var/mnt/overlay/overlay/0429684e3da515ae4f11b8514c7b20f759613 > > Address: 172.17.0.2 > > fe80::42:acff:fe11:2 > > OS: Red Hat Enterprise Linux Server 7.2 (Maipo) > > Unit: > > docker-cc8d10c7b9892b75843d200d54d34a3a9435fe0f65527c254ebfd2d > > 43494 sleep 3000 > > Use CVE-2016-6349. It turns out this CVE is against oci-register-machine NOT systemd. The fix is here, https://github.com/projectatomic/oci-register-machine/pull/22 CAI Qian
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ