Important kernel security update: New kernel 2.6.32-042stab145.3 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0
This update provides a new kernel 2.6.32-042stab145.3 for Virtuozzo Containers for Linux 4.7 and Server Bare Metal 5.0. It is based on the RHEL 6.10 kernel 2.6.32-754.30.2.el6 and inherits security and stability fixes from it. The new kernel also provides internal stability fixes. Vulnerability i...
Remote Code Execution (RCE)
github.com/kata-containers/runtime is vulnerable to remote code execution (RCE). Insecure handling of the shared mount path and file name before a container is created allows a malicious user to modify the host path and mount the untrusted container file system on any host path, resulting in remot...
Unspecified Vulnerability in Kata Containers
Kata Containers is an open source lightweight virtual machine builder from the Kata Containers community. A security vulnerability in Kata Containers versions 1.11 prior to 1.11.1, 1.10 prior to 1.10.5, and 1.9 and earlier can be exploited by an attacker to execute code and impersonate a kata age...
CVE-2020-2023
Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10...
Code injection
A malicious guest compromised before a container creation (e.g. a malicious guest image or a guest running multiple containers) can trick the kata runtime into mounting the untrusted container filesystem on any host path, potentially allowing for code execution on the host. This issue affects: Kata...
Code injection
Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10...
CVE-2020-2023
Kata Containers CVE-2020-2023: Root filesystem access was not restricted, enabling potential code execution on the guest and masquerading as the kata-agent. Affected: Kata Containers 1.11.x before 1.11.1; 1.10.x before 1.10.5; 1.9 and earlier. Remediation: upgrade to fixed releases (e.g., 1.11.1 ...
CVE-2020-2023 Kata Containers - Containers have access to the guest root filesystem device
Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10...
CVE-2020-2026 Kata Containers - Guests can trick the kata-runtime into mounting the container image on any host path
A malicious guest compromised before a container creation (e.g. a malicious guest image or a guest running multiple containers) can trick the kata runtime into mounting the untrusted container filesystem on any host path, potentially allowing for code execution on the host. This issue affects: Kata...
CVE-2020-2026
CVE-2020-2026 affects Kata Containers: susceptible in Kata 1.11.x prior to 1.11.1, 1.10.x prior to 1.10.5, and 1.9 and earlier. A malicious guest can trick the runtime into mounting an untrusted container filesystem on a host path, enabling possible host code execution. Affected components: kata-...
PT-2020-15250 · Kata Containers · Kata Containers
Name of the Vulnerable Software and Affected Versions: Kata Containers versions prior to 1.11.1; Kata Containers versions prior to 1.10.5; Kata Containers version 1.9 and earlier. Description: A malicious guest compromised before a container creation, such as a malicious guest image or a guest runni...
DEBIAN-CVE-2020-10749
A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6 that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or...
vulhub
This is an open-source collection of pre-built vulnerable docker environments. It is not a PoC exploit for a specific CVE, but rather a toolkit for testing and training purposes. The repository contains a variety of vulnerable environments, including Flask SSTI, Apache Parsing Vulnerability, and...
Bringing Intrinsic Security to Containers: VMware Acquires Octarine
UPDATE: On May 27, 2020 VMware officially closed its acquisition of Octarine. The blog post below has been amended to reflect that announcement. Today is a very exciting day for VMware and for our customers as we announce our acquisition of Octarine, whose innovative security platform for...
Important kernel security update: New kernel 2.6.32-042stab144.1 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0
This update provides a new kernel 2.6.32-042stab144.1 for Virtuozzo Containers for Linux 4.7 and Server Bare Metal 5.0. It is based on the RHEL 6.10 kernel 2.6.32-754.29.2.el6 and inherits security and stability fixes from it. The new kernel also provides internal security and stability fixes...
Denial Of Service (DoS)
github.com/kata-containers/runtime is vulnerable to denial of service. A user is able to unmount any mount points on the host using a malicious symbolic link. This results in a denial of service condition where mounts are no longer accessible...
Security Bulletin: A security vulnerability has been identified in nanopb shipped with IBM Watson Machine Learning Community Edition (WMLCE)
Summary: The vulnerability CVE-2020-5235 was found in the nanopb package, which is either built in to or distributed with IBM WMLCE. Vulnerability Details: CVEID: CVE-2020-5235. DESCRIPTION: Nanopb is vulnerable to a denial of service, caused by an out-of-memory condition. By persuading a victim to...
Kata Containers Backlink Vulnerability
Kata Containers is an open source lightweight virtual machine builder from the Kata Containers community. A backlink vulnerability in Kata Containers versions prior to 1.11.0, which stems from a networked system or product that does not properly filter filenames of links or shortcuts that represe...