Container vulnerabilities in Brocade SANnav docker containers (CVE-2024-23653 & CVE-2024-21626)
Brocade Security Advisory ID | BSA-2024-2749
Component | Docker
Summary
Brocade Security is aware of multiple vulnerabilities affecting the Brocade SANnav docker containers (CVE-2024-23653 & CVE-2024-21626).
CVE-2024-23653: The interactive containers API does not validate the entitlements check.
Description: BuildKit GRPC security mode privilege check: build-time container breakout
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive, and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. The now-executing privileged container can use its elevated privileges (for example, full Linux capabilities) to escape from the container and achieve full host root command execution. Normally, running such containers is only allowed if the special `security.insecure` entitlement is both enabled in the buildkitd configuration and allowed by the user initializing the build request. The issue has been fixed in BuildKit v0.12.5.
BASE SCORE : 9.8 CRITICAL - Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-863 Incorrect Authorization
CVE-2024-21626: Vulnerability in a core container infrastructure component, 'runc', allows a container breakout attack.
Description: 'runc' is a CLI tool for spawning and running containers on Linux according to the OCI specification.
An attacker could use these container escapes to gain unauthorized access to the host filesystem from within the container. A malicious image could use the same attack to allow a container process to access the host filesystem through `runc run`. Other variants of the attack could also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes. runc 1.1.12 includes patches for this issue.
Base Score: 8.6 HIGH - Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CWE-668 Exposure of Resource to Wrong Sphere
CWE-403 Exposure of File Descriptor to Unintended Control Sphere
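A host-side check for the two fixed releases the advisory names (BuildKit v0.12.5 and runc 1.1.12), as an added example that is not Brocade's or the upstream projects' own tooling. The sample CLI output strings are constructed, and the assumption that `runc --version` and `buildkitd --version` print a `x.y.z` / `vx.y.z` version string is mine; a pre-release build (e.g. `v0.12.5-rc1`) is deliberately treated as older than the fixed release.

```python
"""Audit helper for BSA-2024-2749: flags BuildKit and runc builds that predate
the fixed releases named in the advisory. Example code, not Brocade tooling."""
import re
import subprocess
from typing import Dict, Optional, Tuple

# Fixed releases stated in the advisory. The trailing 1 marks a final release;
# pre-release builds get 0 so they sort below the final release of the same number.
FIXED = {"buildkit": (0, 12, 5, 1), "runc": (1, 1, 12, 1)}

# Optional leading 'v', dotted x.y.z, optional pre-release suffix such as '-rc1'.
_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?")

# Constructed sample outputs (assumed format of the two CLIs' --version text).
SAMPLE_RUNC_OLD = "runc version 1.1.11\ncommit: v1.1.11-0-g4bccb38\nspec: 1.0.2-dev\n"
SAMPLE_RUNC_FIXED = "runc version 1.1.12\ncommit: v1.1.12-0-g51d5e94\nspec: 1.0.2-dev\n"
SAMPLE_BUILDKIT_RC = "buildkitd github.com/moby/buildkit v0.12.5-rc1 deadbeef\n"


def parse_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Return (major, minor, patch, is_final) for the first version in the text."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch, pre = m.groups()
    return (int(major), int(minor), int(patch), 0 if pre else 1)


def is_vulnerable(component: str, cli_output: str) -> bool:
    """True when the reported version is below the advisory's fixed release."""
    ver = parse_version(cli_output)
    if ver is None:
        raise ValueError(f"no version found in {component} output: {cli_output!r}")
    return ver < FIXED[component]


def audit_host(timeout: float = 10.0) -> Dict[str, Optional[bool]]:
    """Query the installed CLIs; None means the binary is missing or unresponsive."""
    findings: Dict[str, Optional[bool]] = {}
    for component, cmd in (("runc", ["runc", "--version"]),
                           ("buildkit", ["buildkitd", "--version"])):
        try:
            out = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout).stdout
            findings[component] = is_vulnerable(component, out)
        except (FileNotFoundError, subprocess.TimeoutExpired, ValueError):
            findings[component] = None
    return findings


if __name__ == "__main__":
    print(audit_host())
```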
Products Affected
- Brocade SANnav versions before 2.3.1a
- Brocade ASCG versions before 3.1.0
Products Confirmed Not Affected
- Brocade Fabric OS is Not Affected [Vex Status Code: Component_not_present]
Solution
- Security update provided in Brocade SANnav 2.3.1a
- Security update provided in Brocade ASCG 3.1.0
Revision History
Version | Change | Date
1.0 | Initial Publication | October 14, 2024
Disclaimer
THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.