
A common fear among IT specialists who work with containers is that an attacker could infect a container with malware that then spreads and attacks the entire host system. That fear now appears to be justified: researchers have found a vulnerability that makes this possible.

The vulnerability is a RunC container breakout, tracked as CVE-2019-5736. RunC is the underlying container runtime for Docker, Kubernetes and other container-dependent programs. It is an open-source command-line tool for creating and running containers. Docker originally built it and then released it as open source, which led to its wide adoption. In fact, chances are that if you use containers, they run on RunC.

Placing malware

Researchers Adam Iwaniuk and Borys Popławski discovered a vulnerability in RunC that allows a malicious container (with minimal user interaction) to overwrite the host RunC binary and thus gain root-level code execution on the host. This allows the attacker to then execute their plans.

To gain this access, attackers only need to place a malicious container on the system. This is not extremely complicated in practice. System administrators often do not check all software in containers to make sure that the content corresponds to what is specified.
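Because the attack described above works by overwriting the host RunC binary, a change in that file's hash is something a defender can monitor for. The sketch below is an added example, not code from the researchers or the RunC project; the file it checks is a constructed stand-in created in a temporary directory, and `fingerprint`, `compare` and `demo` are hypothetical names.

```python
import hashlib
import os
import stat
import tempfile


def fingerprint(path):
    """Record the SHA-256, size, permission bits and owner of a binary."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    st = os.stat(path)
    return {"sha256": digest.hexdigest(), "size": st.st_size,
            "mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid}


def compare(baseline, current):
    """Return findings: every field that drifted, plus loose permissions."""
    findings = [f"{key} changed: {baseline[key]} -> {current[key]}"
                for key in baseline if baseline[key] != current[key]]
    if current["mode"] & 0o022:
        findings.append("binary is writable by group or other")
    return findings


def demo():
    """Baseline a constructed stand-in binary, overwrite it, and re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "runc")  # constructed stand-in, not a real runtime
        with open(path, "wb") as fh:
            fh.write(b"ORIGINAL RUNTIME")
        os.chmod(path, 0o755)
        baseline = fingerprint(path)
        clean = compare(baseline, fingerprint(path))
        # Same-length overwrite: size, mode and owner stay the same,
        # so only the hash reveals the replacement.
        with open(path, "wb") as fh:
            fh.write(b"REPLACED CONTENT")
        tampered = compare(baseline, fingerprint(path))
    return clean, tampered


if __name__ == "__main__":
    clean, tampered = demo()
    print("before overwrite:", clean)
    print("after overwrite:", tampered)
```

In practice the baseline would be taken from the runtime binary as installed by the package manager and stored off-host, so that code running as root on the host cannot rewrite it.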

Potentially major consequences

Speaking to ZDNet, Scott McCarty, who works for Red Hat as product manager of containers, warns that this vulnerability has potentially major consequences. Containers represent a move back to shared systems, where apps from many different users run on the same Linux host, says McCarty. This makes it possible to potentially infect and take over many thousands of containers.

Few incidents can be characterized as a doomsday scenario for business IT, but a series of exploits that have an impact on a wide range of interconnected production systems is one that fits that description. And that is exactly how this vulnerability is characterized.

A patch is available for the vulnerability, so all system administrators are advised to update their software as soon as possible.

This news article was automatically translated from Dutch to give Techzine.eu a head start.