Bug 1045988 (CVE-2013-6441)
| Field | Value |
|---|---|
| Summary | CVE-2013-6441 lxc: sshd template allow privilege escalation on host |
| Product | [Other] Security Response |
| Component | vulnerability |
| Reporter | Kurt Seifried <kseifried> |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED NOTABUG |
| Severity | medium |
| Priority | medium |
| Version | unspecified |
| CC | acathrow, carnil, jkurik, karlthered, libvirt-maint, pfrields, sagarun, thomas.moschny |
| Keywords | Security |
| Hardware | All |
| OS | Linux |
| Doc Type | Bug Fix |
| Last Closed | 2013-12-23 07:02:25 UTC |

Description
Kurt Seifried
2013-12-23 06:58:31 UTC
Acknowledgment: Red Hat would like to thank the Debian Project for reporting this issue. The Debian Project acknowledges Florian Sagar as the original reporter.

Statement: This issue did not affect the versions of libvirt (which includes lxc) as shipped with Red Hat Enterprise Linux 6 as they do not include the template file lxc-sshd.in.

Hi Kurt

As per feedback from upstream this CVE assigned is disputed. The change to make the mount entry bind,ro was done as a good safety net to have. But having root access to a container allows to get root to the host (see e.g. http://blog.bofh.it/debian/id_413), if not using unprivileged containers or selinux/apparmor to restrict the containers.

To follow up, a further patch was posted: https://github.com/lxc/lxc/commit/f4d5cc8e1f39d132b61e110674528cac727ae0e2 which is a similar hardening feature (or safety net).

As upstream indicated, it's a known and acknowledged limitation of LXC (when not used with userns or apparmor/selinux) that root in a container is the effective equivalent of root on the host (so an individual with root in an LXC container can change the host's lxc-sshd regardless of this issue).
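
Added example, not part of the bug report and not LXC project code: a small audit of a container config for the two points discussed above, bind mounts that lack `ro` and the absence of a uid/gid map or AppArmor/SELinux profile. The sample config and its paths are constructed placeholders; the key names are the LXC config keys in both their older and newer spellings.

```python
# Keys that set a uid/gid map (user namespace) or an LSM profile, old and new names.
IDMAP_KEYS = {"lxc.id_map", "lxc.idmap"}
LSM_KEYS = {"lxc.aa_profile", "lxc.apparmor.profile",
            "lxc.se_context", "lxc.selinux.context"}

# Constructed sample config; the paths are placeholders, not from the bug report.
SAMPLE_CONFIG = """\
# container built from a minimal template
lxc.mount.entry = /srv/example/init sbin/init none bind 0 0
lxc.mount.entry = /lib lib none ro,bind 0 0
lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
lxc.aa_profile = unconfined
"""

def parse(text):
    """Yield (key, value) pairs from 'key = value' LXC config text."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            yield key.strip(), value.strip()

def audit(text):
    """Return findings for writable bind mounts and missing isolation layers."""
    findings, has_idmap, confined = [], False, False
    for key, value in parse(text):
        if key in IDMAP_KEYS:
            has_idmap = True
        elif key in LSM_KEYS:
            confined = confined or value not in ("", "unconfined")
        elif key == "lxc.mount.entry":
            fields = value.split()  # fstab order: source target fstype options ...
            if len(fields) < 4:
                findings.append(f"malformed mount entry: {value}")
                continue
            options = set(fields[3].split(","))
            if options & {"bind", "rbind"} and "ro" not in options:
                findings.append(f"writable bind mount: {fields[0]} -> {fields[1]}")
    if not has_idmap:
        findings.append("no uid/gid map: container root is host root")
    if not confined:
        findings.append("no confining AppArmor/SELinux profile in config")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

A config with no profile key may still run under a host default profile, so the last finding means "check the host", not "unconfined".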