Critical vulnerability exposes Docker Engine users; update now

Security researchers have disclosed a critical vulnerability in an optional Docker Engine feature; if exploited, the flaw allows an attacker to escalate privileges to root on the container host. Alex Chapman, the cybersecurity researcher who reported the flaw, describes two main attack vectors through which the target system can be fully compromised.

Docker Engine is the open source container runtime used to build and run containerized applications. It is a client-server application: the dockerd daemon, the REST API it exposes, and the docker command-line client that talks to it.

The expert explains that the flaw lies in the '--userns-remap' option, an optional security feature that isolates container users inside a user namespace: "When this feature is enabled, the root user inside the container is assigned to a non-privileged user on the container host," Chapman adds.

The flaw only comes into play after a container escape: an attacker who has obtained root inside the remapped namespace and has escaped the container can then, as an unprivileged user on the host, exploit either a set of race conditions or the ability to arbitrarily start containers. "The vulnerability was tracked as CVE-2021-21284 and resides in the Docker Engine docker-ce package," adds the expert. At the time of writing, the flaw had no score assigned under the Common Vulnerability Scoring System (CVSS).

Chapman explains that if the --userns-remap option is enabled and the root user in the remapped namespace has access to the host's file system, the attacker can modify files under /var/lib/docker/<remapping>, which causes files to be written with extended privileges.

The security advisory published by the Moby project in its GitHub repository a few days ago rates this as a low-severity vulnerability because of the complexity of exploitation, although the consequences of a successful attack could be severe.

On exploitability, the expert adds that the scenario has real limitations: the attacker must first escape the container by some other means, and that escape is the hard part and the main constraint on this scenario.

"As far as I've researched, the '--userns-remap' feature has not been adopted for general use," Chapman adds. The flaw is fixed in docker-ce versions 19.03.15 and 20.10.3; all earlier versions of those release lines are affected, the advisory adds.
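The two facts an administrator needs to act on this report are whether the installed docker-ce contains the fix (19.03.15 or 20.10.3 and later on each line) and whether the daemon actually runs with user namespace remapping, since the bug is only reachable when it does. The POSIX sh script below is an added example written for this article, not code from the Moby project or from the researcher. It assumes that a daemon started with --userns-remap reports the entry name=userns in the output of `docker info --format '{{.SecurityOptions}}'`; when no daemon is reachable it falls back to a constructed sample so the logic can be exercised offline.

```shell
#!/bin/sh
# Added example (not Moby project code): decide whether a host needs the
# CVE-2021-21284 fix. Facts used: fixed in docker-ce 19.03.15 and 20.10.3;
# the flaw is only reachable when the daemon runs with --userns-remap.
# Assumption: such a daemon lists "name=userns" among its SecurityOptions.

# One dotted version component as a plain integer: drop a suffix such as
# "-ce" or "-beta1" and a single leading zero ("03", "09") so that shell
# arithmetic never sees an octal literal.
vpart() {
    p=${1%%[!0-9]*}
    p=${p#0}
    printf '%s\n' "${p:-0}"
}

# Split MAJOR.MINOR[.PATCH] into V_MAJOR, V_MINOR and V_PATCH.
vsplit() {
    V_MAJOR=$(vpart "${1%%.*}")
    rest=${1#*.}
    case $rest in
        *.*) V_MINOR=$(vpart "${rest%%.*}"); V_PATCH=$(vpart "${rest#*.}") ;;
        *)   V_MINOR=$(vpart "$rest");       V_PATCH=0 ;;
    esac
}

# Exit status 0 when dotted version $1 sorts before $2.
version_lt() {
    vsplit "$1"; a1=$V_MAJOR; a2=$V_MINOR; a3=$V_PATCH
    vsplit "$2"; b1=$V_MAJOR; b2=$V_MINOR; b3=$V_PATCH
    if [ "$a1" -ne "$b1" ]; then
        if [ "$a1" -lt "$b1" ]; then return 0; else return 1; fi
    fi
    if [ "$a2" -ne "$b2" ]; then
        if [ "$a2" -lt "$b2" ]; then return 0; else return 1; fi
    fi
    if [ "$a3" -lt "$b3" ]; then return 0; else return 1; fi
}

# Classify a docker-ce server version against CVE-2021-21284.
# Prints "affected", "fixed" or "unparsable".
cve_2021_21284_status() {
    case $1 in
        [0-9]*.[0-9]*) ;;
        *) printf 'unparsable\n'; return 0 ;;
    esac
    vsplit "$1"
    if [ "$V_MAJOR" -eq 20 ] && [ "$V_MINOR" -eq 10 ]; then
        fix=20.10.3      # 20.10 release line
    else
        fix=19.03.15     # 19.03 line and every older line
    fi
    if version_lt "$1" "$fix"; then printf 'affected\n'; else printf 'fixed\n'; fi
}

# Exit status 0 when the daemon's security options (the string printed by
# `docker info --format '{{.SecurityOptions}}'`) include userns remapping.
userns_remap_enabled() {
    case " $1 " in
        *"name=userns"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Combine version and configuration into one operational verdict.
verdict() {
    status=$(cve_2021_21284_status "$1")
    if [ "$status" = affected ]; then
        if userns_remap_enabled "$2"; then
            printf 'exposed: userns-remap on and %s lacks the fix; upgrade now\n' "$1"
        else
            printf 'update advised: %s lacks the fix (userns-remap currently off)\n' "$1"
        fi
    elif [ "$status" = fixed ]; then
        printf 'not affected: %s contains the fix\n' "$1"
    else
        printf 'could not parse version %s\n' "$1"
    fi
}

# Live check when a daemon is reachable; otherwise a constructed sample
# (a 20.10 daemon one patch release short of the fix, remapping enabled).
if command -v docker >/dev/null 2>&1 && ver=$(docker version --format '{{.Server.Version}}' 2>/dev/null); then
    opts=$(docker info --format '{{.SecurityOptions}}' 2>/dev/null)
else
    ver=20.10.2
    opts='[name=apparmor name=seccomp,profile=default name=userns]'
fi
verdict "$ver" "$opts"
```

Running it with the sample prints the "exposed" verdict; an 18.09 daemon is reported as affected too, because no fix was released for lines older than 19.03. Versions with a suffix such as 20.10.0-beta1 parse as 20.10.0 and are correctly treated as pre-fix.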
