Container vulnerabilities in Brocade SANnav docker containers (CVE-2024-23653 & CVE-2024-21626)

Brocade SANnav

02 November 2024

OPEN

MEDIUM

Multiple

Brocade Security Advisory ID: BSA-2024-2749

Component: Docker

Summary

Brocade Security is aware of multiple vulnerabilities affecting the Docker containers shipped with Brocade SANnav (CVE-2024-23653 & CVE-2024-21626).

CVE-2024-23653: BuildKit's interactive container API does not enforce the entitlement check.
Description: BuildKit GRPC SecurityMode privilege check: build-time container breakout.
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive, and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. The resulting privileged container can use those privileges (for example, full Linux capabilities) to escape the container and execute commands as root on the host. Normally, running such containers is only allowed if the special `security.insecure` entitlement is both enabled in the buildkitd configuration and allowed by the user initiating the build request; this check was not applied to the interactive container API. The issue has been fixed in BuildKit v0.12.5.
BASE SCORE: 9.8 CRITICAL - Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-863 Incorrect Authorization

CVE-2024-21626: A vulnerability in runc, a core container infrastructure component, allows a container breakout attack.
Description: runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, an internal file descriptor leak can leave a newly spawned container process (from `runc exec`) with a working directory in the host filesystem namespace. An attacker could use this container escape to gain unauthorized access to the host filesystem from within the container. A malicious image could use the same attack to allow a container process to access the host filesystem through `runc run`. Other variants of the attack could also be used to overwrite semi-arbitrary host binaries, allowing for a complete container escape. runc 1.1.12 includes patches for this issue.
Base Score: 8.6 HIGH - Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CWE-668 Exposure of Resource to Wrong Sphere
CWE-403 Exposure of File Descriptor to Unintended Control Sphere
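The following POSIX shell script is added here as an illustration; it is not part of this advisory and not code from the runc or BuildKit projects. It shows how an operator can check whether the runc and standalone buildkitd binaries on a SANnav Docker host are at or above the fixed releases named above (runc 1.1.12, BuildKit v0.12.5), and whether the buildkitd configuration grants the `security.insecure` entitlement that, once patched, gates privileged build containers. The version banners and the buildkitd.toml in the script are constructed samples, the function names are the script's own, and the path /etc/buildkit/buildkitd.toml is assumed to be the default rootful buildkitd config location.

```shell
#!/bin/sh
# Added example (not from the Brocade advisory, runc or BuildKit): compare the
# installed runc and BuildKit versions against the fixed releases and inspect
# the buildkitd entitlement setting. All inputs below are constructed samples.

RUNC_FIXED="1.1.12"
BUILDKIT_FIXED="0.12.5"

# Constructed sample of `runc --version` output from an unpatched host.
SAMPLE_RUNC_OLD='runc version 1.1.11
commit: v1.1.11-0-g4bccb38
spec: 1.0.2-dev'

# Constructed sample of `buildkitd --version` output from a patched host.
SAMPLE_BUILDKITD_NEW='buildkitd github.com/moby/buildkit v0.12.5 8b7bf8e'

# Constructed buildkitd.toml that grants the entitlement to every build request.
SAMPLE_BUILDKITD_TOML='# buildkitd.toml
debug = false
insecure-entitlements = [ "network.host", "security.insecure" ]'

# Print the first X.Y.Z token found in a version banner (a leading "v" is dropped).
extract_version() {
  printf '%s\n' "$1" | grep -o '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*' | head -n 1
}

# Return 0 when installed version $1 is >= fixed version $2 (both X.Y.Z).
# Each component is compared numerically so that 1.1.9 sorts below 1.1.12.
version_at_least() {
  i_major=${1%%.*}; i_rest=${1#*.}; i_minor=${i_rest%%.*}; i_patch=${i_rest#*.}
  f_major=${2%%.*}; f_rest=${2#*.}; f_minor=${f_rest%%.*}; f_patch=${f_rest#*.}
  [ "$i_major" -gt "$f_major" ] && return 0
  [ "$i_major" -lt "$f_major" ] && return 1
  [ "$i_minor" -gt "$f_minor" ] && return 0
  [ "$i_minor" -lt "$f_minor" ] && return 1
  [ "$i_patch" -ge "$f_patch" ]
}

# Report one component: return 0 if patched, 1 if affected, 2 if no version
# could be parsed from the banner.
check_component() {
  name=$1; banner=$2; fixed=$3
  installed=$(extract_version "$banner")
  if [ -z "$installed" ]; then
    printf '%s: no version found in banner\n' "$name"
    return 2
  fi
  if version_at_least "$installed" "$fixed"; then
    printf '%s %s: at or above fixed %s\n' "$name" "$installed" "$fixed"
    return 0
  fi
  printf '%s %s: below fixed %s, affected\n' "$name" "$installed" "$fixed"
  return 1
}

# Return 0 if a buildkitd.toml (passed as text) lists security.insecure in its
# insecure-entitlements array on a non-comment line. After patching, this
# daemon-side setting plus the build requester's allow flag is what permits a
# privileged build container, so grant it only where such builds are intended.
entitlement_allowed() {
  printf '%s\n' "$1" | grep -v '^[[:space:]]*#' \
    | grep 'insecure-entitlements' | grep -q 'security\.insecure'
}

# Stand-alone run over the constructed samples. On a real host, substitute
# "$(runc --version 2>&1)", "$(buildkitd --version 2>&1)" and
# "$(cat /etc/buildkit/buildkitd.toml)" (assumed default rootful config path).
check_component runc "$SAMPLE_RUNC_OLD" "$RUNC_FIXED" || true
check_component buildkitd "$SAMPLE_BUILDKITD_NEW" "$BUILDKIT_FIXED" || true
if entitlement_allowed "$SAMPLE_BUILDKITD_TOML"; then
  echo "buildkitd.toml grants security.insecure to every build request"
fi
```

On a Docker host where BuildKit runs embedded in dockerd rather than as a standalone buildkitd, `docker version` lists the runc component version and `docker buildx inspect` reports the BuildKit version of the active builder; feed those strings to `check_component` in place of the constructed banners.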

Products Affected

  • Brocade SANnav versions before 2.3.1a
  • Brocade ASCG versions before 3.1.0

Products Confirmed Not Affected

  • Brocade Fabric OS is Not Affected [VEX status: component_not_present]

Solution

  • Security update provided in Brocade SANnav 2.3.1a
  • Security update provided in Brocade ASCG 3.1.0

Revision History

Version  Change               Date
1.0      Initial Publication  October 14, 2024

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.