Breach, Content

DHS Warning: runc Container Vulnerability Threatens Docker, Kubernetes

The Department of Homeland Security (DHS), Red Hat and Amazon Web Services (AWS) are warning customers about a runc Open Source Container Vulnerability that impacts Docker, Kubernetes and other software container technologies.

The container vulnerability, widely known as CVE-2019-5736, comes with this warning:

"The vulnerability allows a malicious container to (with minimal user interaction) overwrite the host runc binary and thus gain root-level code execution on the host. The level of user interaction is being able to run any command (it doesn't matter if the command is not attacker-controlled) as root within a container in either of these contexts:

  • Creating a new container using an attacker-controlled image.
  • Attaching (docker exec) into an existing container which the attacker had previous write access to."

Patching information is described here.

Red Hat, Amazon Web Services: CVE-2019-5736 Vulnerability Statements

A Red Hat blog described the serious nature of the vulnerability:

"Exploiting this vulnerability means that malicious code could potentially break containment, impacting not just a single container, but the entire container host, ultimately compromising the hundreds-to-thousands of other containers running on it. While there are very few incidents that could qualify as a doomsday scenario for enterprise IT, a cascading set of exploits affecting a wide range of interconnected production systems qualifies...and that’s exactly what this vulnerability represents."

This Red Hat article about the vulnerability further describes the vulnerability as well as remediation steps that users can take to fully patch the flaw.

Amazon Web Services also is warning customers about the vulnerability and outlining which AWS services may require customer updating.

Container Security: MSSP Market Opportunity

The container vulnerability highlights the growing need for container-centric security solutions, experts assert.

Roughly 87 percent of organizations had developed container deployment plans by 2017, with 40 percent already in production deployment at that time, 451 Research notes. Not by coincidence, the global data center security market has been growing thanks in part to the rising demand for Docker containers, a 2017 report indicated.

Among those moving into the market: Qualys, a cloud-based security and compliance solutions provider, released the Qualys Container Security solution on the AWS Marketplace in November 2018. Qualys earlier in that year had acquired Layered Insight, a company that specializes in container-native application protection.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.