Bug 1316127 (CVE-2016-2160) - CVE-2016-2160 Privilege escalation when changing root password in sti builder image
Status: CLOSED ERRATA
Alias: CVE-2016-2160
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=important,public=20160310,repo...
Keywords: Security
Depends On: 1315187 1315188
Blocks: 1316129 1326106 1326107
Reported: 2016-03-09 13:29 UTC by Adam Mariš
Modified: 2019-06-08 21:04 UTC (History)
A flaw was found in the building of containers within OpenShift Enterprise. An attacker could submit an image for building that executes commands within the container as root, allowing them to potentially escalate privileges.
Clone Of:
Last Closed: 2016-05-12 16:47:18 UTC


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:1064 normal SHIPPED_LIVE Important: Red Hat OpenShift Enterprise 3.2 security, bug fix, and enhancement update 2016-05-12 20:19:17 UTC

Description Adam Mariš 2016-03-09 13:29:26 UTC
It was reported that by creating a new image with the root password changed and using it as an sti builder image, attackers are able to gain ROOT in it. Overriding builder image scripts (e.g. assemble) can help the attackers to access the pod and/or perform remote command execution in it.

Product bugs (contain reproducer):

https://bugzilla.redhat.com/show_bug.cgi?id=1315187
https://bugzilla.redhat.com/show_bug.cgi?id=1315188

Upstream bug:

https://github.com/openshift/origin/pull/7864

Comment 1 errata-xmlrpc 2016-05-12 16:32:00 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Enterprise 3.2

Via RHSA-2016:1064 https://access.redhat.com/errata/RHSA-2016:1064
