1747222 – (CVE-2019-14271) CVE-2019-14271 docker: nsswitch based config loaded inside chroot under Glibc

Bug 1747222 (CVE-2019-14271) - CVE-2019-14271 docker: nsswitch based config loaded inside chroot under Glibc

Summary: CVE-2019-14271 docker: nsswitch based config loaded inside chroot under Glibc

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2019-14271
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1747223 1747224
Blocks:	1747225
TreeView+	depends on / blocked

Reported:	2019-08-30 00:12 UTC by Pedro Sampaio
Modified:	2021-06-16 20:43 UTC (History)
CC List:	30 users (show)
Fixed In Version:	docker 19.03.1
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was discovered in Docker if it is compiled with Go 1.11. During a `docker cp` command, the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container. An attacker could abuse this flaw by executing code with the root privileges.
Clone Of:
Environment:
Last Closed:	2019-09-09 09:42:20 UTC
Embargoed:

Attachments	(Terms of Use)

Description Pedro Sampaio 2019-08-30 00:12:02 UTC

In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.

References:

https://docs.docker.com/engine/release-notes/
https://github.com/moby/moby/issues/39449

Comment 1 Pedro Sampaio 2019-08-30 00:12:21 UTC

Created docker tracking bugs for this issue:

Affects: fedora-all [bug 1747223]
Affects: openstack-rdo [bug 1747224]

Comment 2 Riccardo Schirone 2019-09-02 17:30:13 UTC

Upstream PR:
https://github.com/moby/moby/pull/39612

Upstream patches:
https://github.com/moby/moby/commit/11e48badcb67554b3d795241855028f28d244545

Comment 5 Riccardo Schirone 2019-09-03 08:33:38 UTC

According to upstream this flaw affects only versions that use Go 1.11 (see https://github.com/moby/moby/pull/39612#issuecomment-517999360).

Comment 6 Riccardo Schirone 2019-09-03 08:34:30 UTC

Statement:

This issue did not affect the versions of docker as shipped with Red Hat Enterprise Linux 7 as they did not use Go 1.11.

Comment 7 Product Security DevOps Team 2019-09-09 09:42:20 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-14271

Note You need to log in before you can comment on or make changes to this bug.

adimania
admiller
amurdaca
andreas.bierfert
codonell
dbecker
dj
dwalsh
fkluknav
frantisek.kluknavsky
fweimer
ichavero
jcajka
jjoyce
jschluet
kbasil
lhh
lpeer
lsm5
marianne
mburns
nalin
pkhaire
puebele
santiago
sclewis
sisharma
slinaber
vbatts
vbellur