Doomsday Docker Software Vulnerability

Posted February 17, 2019 by Sayers

Sayers

Our engineering experts leverage technology to relentlessly improve how we meet the evolving demands of both our clients and our partners while staying true to our values. We foster an environment of collaboration, innovation, and dedication to the success of our team members and clients.

Tags:

The attraction of a DevOps strategy is understandable, but sometimes I feel like the speed of business should be just a bit slower.

At least slow enough so we security professionals can properly get on-board. The most recent indicator of this need is the runC vulnerability just identified in the most common container toolsets in use today. Docker, Kubernetes, or anything in this family of tooling, are potential candidates for patching against what some are calling the “Doomsday Docker” vulnerability.

In summary, a vulnerable and unpatched version of software opens up the underlying host system to a miscreant gaining root-level permissions and ultimately compromising every container on that host.

Patching aside, there are available solutions that focus strictly on securing the DevOps container ecosystem and provide a foundation for moving to a true DevSecOps strategy. If you do not fully understand the container security market today, or how to broach that topic with your development teams, Sayers can assist.

Security Exploit CVE-2019-5736 Advisory References:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736

https://nvd.nist.gov/vuln/detail/CVE-2019-5736

Doomsday Docker Software Vulnerability

Sayers

Addresses

Have a Question?