[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] Re: CVE Request: docker2aci: Path traversals present in image converting
From: cve-assign () mitre ! org
Date: 2016-09-28 19:15:39
Message-ID: 20160928191539.9875452E01B () smtpvbsrv1 ! mitre ! org
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
> https://github.com/appc/docker2aci/issues/201
>
> tmpLayerPath := path.Join(tmpDir, layerIDs[i])
>
> tmpLayerPath += ".tar"
>
> layerFile, err := extractEmbeddedLayer(lb.file, layerIDs[i], tmpLayerPath)// without essential check
> // for layerpath, may breakout
> // tmpDir.
>
> Build or downloading a malicious image as an archive file, containing
> some layer files with relative names, like "../../../etc/ filename",
> as well modifying the content of some corresponding json file related
> to it. then running docker2aci to convert the docker's image to aci.
> Overview of the content of malicious image:
>
> ../../../etc
>
> ../../../etc/0ca87058da90257128ca83a1d0e1bd55236f43c75b915120c70498af6ad37625
>
> ../../../etc/0ca87058da90257128ca83a1d0e1bd55236f43c75b915120c70498af6ad37625/json
>
> ../../../etc/0ca87058da90257128ca83a1d0e1bd55236f43c75b915120c70498af6ad37625/VERSION
>
> ../../../etc/0ca87058da90257128ca83a1d0e1bd55236f43c75b915120c70498af6ad37625/layer.tar
>
>
> and logs:
> tmpDir: /tmp/docker2aci-878549369
> tmpLayerPath: /etc/0ca87058da90257128ca83a1d0e1bd55236f43c75b915120c70498af6ad37625.tar
> Extracting ../../../etc
>
> then check the results: ls /etc/*.tar
> /etc/0ca87058da90257128ca83a1d0e1bd55236f43c75b915120c70498af6ad37625.tar
>> From: Alex Crawford
>>
>> Our initial analysis confirms there is a path traversal bug in the
>> docker layer conversion library. However, due to the specific nature
>> of how a malicious image must be crafted to exploit this bug (i.e.,
>> invalid format), the attack vector is largely mitigated ... the bug
>> has limited impact and will not affect typical usage of docker2aci.
Use CVE-2016-7569.
- --
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJX7BZQAAoJEHb/MwWLVhi2j48QAJMAr2JXCS3f8oYQ0pClZyyv
giFGlitDkJiq0ieJWq8YGeS/5319DiGYSuDftn/eQMMgTdTAO5pNDQMi6B/SO/e0
g5Wjl3clShOTT8uYdLrsSA3MzG8XENseOsjWBJRrXifPdEPQWCP1iTsyKewIEa1O
LRe04oGRW7snRbhsAsf4cgY2F4MW4yrlx0Gyi+6uZg4YQS4/FUaGcWtlM6+ax0Up
+S5QSrX8SMRSczLsPod+gD9x/x+SufrmmXGVU9iyFt55SYV1ZIVVG5IPsijU7uvT
YHEV/1kX4cLQ0QY7LByd7Pcaoz+njMV7XRYi3HuYyKg85TRxITfw8cXXaHEUDimi
c7hPSyKZ3vttWC70v+ACaKk22IGP5LoRLsNUUngWJgY+TEpNgFIAKOVVnJZyWzGB
ROvmEYA+9cO6Niyfs/nh2G+ASDbnlyaHUDya5Ps85kw5n782eKTUe+aWXZPuYpqa
DwT5tqLmp3UpEQTfjKRvOQG5KYvBKWPV3kPz2yBVybEFUSZgRIiaSXqazqpjNIyZ
ZW4TXEVGANjtuSrSUHe59AKChShEC4ZSop1WtKcDwQBg45YLsuudrZ3vtV6YybJR
Ndd4sEU0H3CWAKcaytnbu6IDcCucCfHwkXeel3LdX2MVLw10yRNvOwBA1mCBdBs3
isEgR9ts2t3oSQlVYbB2
=oBJi
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic