Linux, Red Hat, Amazon and Azure users using runtime container runC affected by new vulnerability

Vulnerability has a score of 7.2/10 on the CVSS scale

Linux system users are dealing with a new threat. According to network security and ethical hacking specialists from the International Institute of Cyber Security, a critical vulnerability has been discovered affecting the runC runtime container function that works with Docker, cri-o, containerd and Kubernetes.

RunC is a command line interface tool suitable for Open Container Initiative to generate and execute containers.

The vulnerability, tracked as CVE-2019-5736, allows an infected container to overwrite the runC binary file and gain access to the root on the host. In other words, this would allow the infected container to gain control of the global host, so that attackers could execute any command.

“Most of the runtime container is likely to be affected by this vulnerability, unless the administrators have taken action in advance, which is quite unlikely,” a cybersecurity specialist mentioned. The expert added that the vulnerability is blocked by the proper implementation of user namespaces, “where the root is not mapped in the user’s namespace.”

Vulnerability has been considered critical by some network security specialists. Experts mention that the vulnerability has a score of 7.2/10 on the CVSS scale.

In the most recent days was developed a patch to correct the vulnerability, which is being sent to users of runC. In addition, several cloud service providers have been taking steps to implement the update patch.

Although not specific to the Kubernetes ecosystem, the vulnerability seems to follow the behavior of a critical error found on the platform last year. The error would have affected all Kubernetes-based products and services, and grants administrator privileges to hackers on any node running on a Kubernetes cluster.

Although the update patch was developed and published quickly, network security specialists still expect more vulnerability to emerge.

“New vulnerabilities will continue to appear forever,” cybersecurity investigators declared during their presentation at a recent event. “It was to be expected that we would find this kind of error, as it is to be expected that they are more in the future, it is an intrinsic quality of the software”.

Last year, more than 21k API management systems and open containers were found vulnerable to possible cyberattacks. The exposed systems included implementations of Kubernetes, Swarm, Red Hat, among others.  

There are also serious security problems in chips linked to the known vulnerabilities Spectrum and Meltdown, which still concern the Linux user community.