SB2024092803 - Gentoo update for Docker

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024092803

SB2024092803 - Gentoo update for Docker

Published: September 28, 2024 Updated: December 19, 2024

Security Bulletin ID SB2024092803
Severity
High
Patch available
YES
Number of vulnerabilities 13
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 8% Medium 69% Low 23%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 13 secuirty vulnerabilities.


1) Improper Preservation of Permissions (CVE-ID: CVE-2021-41089)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass and privilege escalation.


2) Improper Preservation of Permissions (CVE-ID: CVE-2021-41091)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass and privilege escalation.


3) Improper Privilege Management (CVE-ID: CVE-2022-36109)

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to improper privilege management caused by improper setup of supplementary groups. A local user can bypass primary group restrictions and compromise the container.


4) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2022-41717)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to excessive memory growth when handling HTTP/2 server requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.


5) Insufficiently protected credentials (CVE-ID: CVE-2023-26054)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to BuildKit may expose sensitive information when the user sends a build request that contains a Git URL with credentials and the build creates a provenance attestation  describing that build. A remote attacker can gain access to sensitive information.


6) Unprotected Alternate Channel (CVE-ID: CVE-2023-28840)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to unprotected alternate channel within encrypted overlay networks. A remote attacker can inject arbitrary Ethernet frames into the encrypted overlay network and perform a denial of service (DoS) attack.


7) Missing Encryption of Sensitive Data (CVE-ID: CVE-2023-28841)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to missing encryption of sensitive data within the overlay network driver. A remote attacker can gain unauthorized access to sensitive information on the system.


8) Unprotected Alternate Channel (CVE-ID: CVE-2023-28842)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to unprotected alternate channel within encrypted overlay networks. A remote attacker can inject arbitrary Ethernet frames into the encrypted overlay network by encapsulating them in VXLAN datagrams.


9) Improper Check for Unusual or Exceptional Conditions (CVE-ID: CVE-2024-23650)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling. A remote attacker can send specially crafted data to the application and perform a denial of service (DoS) attack.


10) Race condition (CVE-ID: CVE-2024-23651)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a race condition. A remote attacker can exploit the race and cause the files from the host system being accessible to the build container.


11) Path traversal (CVE-ID: CVE-2024-23652)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences within BuildKit frontend or Dockerfile using RUN --mount. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.


12) Incorrect authorization (CVE-ID: CVE-2024-23653)

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists due to interactive containers API does not validate entitlements check. A remote attacker can use these APIs to ask BuildKit to run a container with elevated privileges.


13) Insufficient verification of data authenticity (CVE-ID: CVE-2024-24557)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insufficient verification of data authenticity. A remote attacker can poison victim´s cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps.


Remediation

Install update from vendor's website.

References