Doomsday Docker Software Vulnerability

Posted February 17, 2019 by Sayers 

The attraction of a DevOps strategy is understandable, but sometimes I feel like the speed of business should be just a bit slower.  

At least slow enough so we security professionals can properly get on-board.  The most recent indicator of this need is the runC vulnerability just identified in the most common container toolsets in use today.  Docker, Kubernetes, or anything in this family of tooling, are potential candidates for patching against what some are calling the “Doomsday Docker” vulnerability.

In summary, a vulnerable and unpatched version of software opens up the underlying host system to a miscreant gaining root-level permissions and ultimately compromising every container on that host.

Patching aside, there are available solutions that focus strictly on securing the DevOps container ecosystem and provide a foundation for moving to a true DevSecOps strategy.  If you do not fully understand the container security market today, or how to broach that topic with your development teams, Sayers can assist.

Security Exploit CVE-2019-5736 Advisory References: 

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736
https://nvd.nist.gov/vuln/detail/CVE-2019-5736

    Addresses

  • Atlanta
    675 Mansell Road, Suite 115
    Roswell, GA 30076
  • Boston
    25 Walpole Park South, Suite 12, Walpole, MA 02081
  • Rosemont
    10275 W. Higgins Road, Suite 470 Rosemont, IL 60018
  • Vernon Hills - Corporate Headquarters
    960 Woodlands Parkway Vernon Hills, IL 60061

 

  • Bloomington
    1701 E Empire St Ste 360-280 Bloomington, IL 61704
  • Chicago
    233 S Wacker Dr. Suite 9550 Chicago, IL 60606
  • Tampa
    380 Park Place, Suite 130, Clearwater, FL 33759

Have a Question?

Subscribe Contact us