The container orchestration tool Discuz has a new vulnerability that allows it to execute arbitrary code within an unprivileged container, according to a report by security researchers at Microsoft and a third party.
The exploit can be used to run any arbitrary code, which is an inherent part of Docker’s underlying architecture, the researchers said.
In this example, the exploit works by running an embedded image of Docker in a container with a privileged port number (the actual port number can be changed by using the Dockerfile, and can be found on GitHub) and an attacker could remotely execute code in the container by using a crafted image that contains the exploit, the report said.
The vulnerability can be deployed in any container running a Linux distro, with the exploitation using the container’s port number as a parameter.
The researchers identified the vulnerability after running a sample test to verify that the exploit worked.
When they tested it, the vulnerability allowed them to bypass Docker's sandbox protection mechanism and execute code.
This was because the exploit allows the attacker to set the port number to a value that will trigger an arbitrary command, which could be used for a denial of service attack, they wrote.
The exploit can also be run as root: the attacker can create a container that has the exploit in it, then run it as root.
In this scenario, the container would have the privilege to execute code, and be allowed to use any of its services, including the container itself, which allows the container to execute any arbitrary command.
The exploitation is a bit like a virtual machine with a memory corruption vulnerability, according to the CVE ID reported by Microsoft.
It was not known at the time of the discovery whether the exploit could be exploited by other, non-privilege-escalation means, the developers wrote.
While the vulnerability can allow an attacker to cause a denial-of-service attack, it’s not possible to completely bypass it by running code, the authors added.
The developers also pointed out that while they discovered the vulnerability, it did not affect any existing releases of Docker, which has been around since 2015.
The latest Docker release supports Docker 1.7, and is currently being tested by developers.