Major Container Security Flaw Threatens Cascading Attacks

runc, a building-block project for the container technologies used by many enterprises as well as public cloud providers, has patched a vulnerability that would allow root-level code execution, container escape and access to the host filesystem.

Discovered by researchers Adam Iwaniuk and Borys Popławski, the vulnerability (CVE-2019-5736) “allows a malicious container to (with minimal user interaction) overwrite the host runc binary and thus gain root-level code execution on the host,” according to a posting on Monday.

An attacker with local access to the affected system can exploit the flaw by convincing users to run malicious or modified containers on their systems.
