Podman Vulnerable to Symlink Traversal Attack

CVE-2024-9676

6.5 MEDIUM

Key Information

Vendor: Red Hat

Status:

  • Red Hat Enterprise Linux 8

  • Red Hat Enterprise Linux 9

  • Red Hat Enterprise Linux 9.4 Extended Update Support

  • Red Hat Openshift Container Platform 4.12

CVE Published: 15 October 2024

Summary

A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (--userns=auto in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.
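
One way to guard a read of a container-controlled file against the problem described above, as an added Go example (not code from containers/storage and not the Red Hat fix). The helper `readContainerPasswd`, the error value and the 1 MiB cap are assumptions made for illustration; the code assumes Linux and an image rootfs that is not modified while it is being read.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"syscall"
)

const maxPasswdBytes = 1 << 20 // assumed cap for this example
var errUnsafePasswd = errors.New("unsafe etc/passwd in container rootfs")

// readContainerPasswd (hypothetical helper) returns <rootfs>/etc/passwd only
// when it is a regular file reached without following a symlink, and bounds
// the read so an endless or huge file cannot exhaust memory.
func readContainerPasswd(rootfs string) ([]byte, error) {
	etc := filepath.Join(rootfs, "etc")
	// Lstat does not follow links, so a symlinked "etc" is not a directory here.
	if fi, err := os.Lstat(etc); err != nil || !fi.IsDir() {
		return nil, fmt.Errorf("%w: %s missing or not a real directory", errUnsafePasswd, etc)
	}
	// O_NOFOLLOW fails with ELOOP if passwd is a symlink; O_NONBLOCK keeps the
	// open from blocking on a FIFO shipped in the image.
	f, err := os.OpenFile(filepath.Join(etc, "passwd"),
		os.O_RDONLY|syscall.O_NOFOLLOW|syscall.O_NONBLOCK, 0)
	if errors.Is(err, syscall.ELOOP) {
		return nil, fmt.Errorf("%w: passwd is a symlink", errUnsafePasswd)
	} else if err != nil {
		return nil, err
	}
	defer f.Close()
	if st, err := f.Stat(); err != nil || !st.Mode().IsRegular() {
		return nil, fmt.Errorf("%w: passwd is not a regular file", errUnsafePasswd)
	}
	data, err := io.ReadAll(io.LimitReader(f, maxPasswdBytes+1)) // +1 detects oversize
	if err != nil {
		return nil, err
	}
	if len(data) > maxPasswdBytes {
		return nil, fmt.Errorf("%w: larger than %d bytes", errUnsafePasswd, maxPasswdBytes)
	}
	return data, nil
}

func main() {
	data, err := readContainerPasswd(os.Args[len(os.Args)-1]) // rootfs path as last argument
	fmt.Printf("%d bytes, err=%v\n", len(data), err)
}
```

The check on `etc` followed by the open is not atomic, so code that must tolerate a rootfs changing underneath it needs a resolver that confines every path component to the root.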

Affected Version(s)

Red Hat Enterprise Linux 8 <= 8100020241101101019.afee755d

Red Hat Enterprise Linux 9 <= 4:4.9.4-16.el9_4

Red Hat Enterprise Linux 9 <= 4:5.2.2-9.el9_5

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database

Credit

Red Hat would like to thank Erik Sjölund for reporting this issue.