According to Aqua Security, the vulnerability is exploited when running an exec command inside an already running container. Exec is a Unix command where one exec command replaces the current shell process without creating a new process.
“When that happens, a malicious process inside the container can access a ‘forgotten’ file descriptor of a directory that resides on the host. This in turn can be used to perform directory traversal to the host’s file system, thus facilitating a nasty and easy escape,” wrote Sagie Dulce, senior researcher at Aqua Security.
Docker released an update, Docker Engine 1.12.6, last week that patches the flaw. It rates the vulnerability as minor and describes it as an “insecure opening of file-descriptor” which allows for privilege escalation.
Red Hat rated the vulnerability as medium after first describing the problem in a blog post titled “Docker 0-Day Stopped Cold by SELinux” which was later changed to “SELinux Mitigates container Vulnerability.” Red Hat had argued that SELinux would have better protected against CVE-2016-9962. Red Hat also alerted its users to patch the vulnerability and said running SELinux would not fully protect against the vulnerability.
“SELinux is the only thing that protects the host file system from attacks from inside of the container. If the processes inside of the container get access to a host file and attempt to read and write the content, SELinux will check the access,” wrote Dan Walsh, consulting engineer at Red Hat.
Aqua Security’s Dulce believes the open file descriptor issue is part of a larger problem tied to exec commands inside a running container. In the case of CVE-2016-9962, there is a small window of opportunity “before the runc init process execs the command inside the container, where the container has access to the runc init process on the host.”
The timing of the process allows the runc init process to enter the namespace of the container before it execs the final command, Dulce said. “This window could enable a container, for example, to list file descriptors on the host process, which can then lead it to the host’s file system.”
Aleksa Sarai with SUSE and Tõnis Tiigi with Docker are credited for disclosing the vulnerability on Jan. 2.