CyberArk Labs has discovered that it is possible for hackers to manipulate so-called defense-in-depth strategies to access sensitive information. Known kernel vulnerabilities can be used in container environments, allowing an attacker to escape to the host.
Linux security mechanisms such as seccomp and namespaces generally offer good protection, preventing an attacker from taking the steps needed to break out. In some cases, however, the host kernel is vulnerable, and then these mechanisms can be manipulated by using existing vulnerabilities, which eventually serve as an escape route to the host.
CyberArk Labs also suggests ways to limit the damage from such an attack. One option is to use a non-generic kernel version. “Making an exploit for a known vulnerability is difficult for many reasons, including because of KASLR,” says the company. “KASLR bypasses are often a challenge for writers of exploits. The use of a generic kernel version for production applications is a bad idea, because it makes KASLR redirections easier.”
Research
The report is the most recent finding in the company’s longer-term investigation into how attackers can use existing vulnerabilities to bypass container security in DevOps environments.
“Containers offer many operational advantages, and their standard security settings are a real challenge for attackers,” says Lavi Lazarovitz, head of the security research team at CyberArk Labs. “The aim of this research is to understand how attackers can manipulate existing vulnerabilities in the host from the container to exploit privileges and ultimately create an escape route from the container. Understanding how attackers work is important to learn how companies can make better investments in DevOps security to protect sensitive data.”
The preliminary findings of this investigation will be presented at the RSA conference this week.
This news article was automatically translated from Dutch to give Techzine.eu a head start.