SB2020120716 - Improper access control in containerd (Alpine package) 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020120716

SB2020120716 - Improper access control in containerd (Alpine package)

Published: December 7, 2020

Security Bulletin ID SB2020120716
Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Data manipulation

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Improper access control (CVE-ID: CVE-2020-15257)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. Access controls for the shim’s API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges.


Remediation

Install update from vendor's website.

References