Summary 

Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. The vulnerability could allow a remote authenticated attacker to execute various attacks.

Details.

'dockerd' is the Docker daemon/process that manages containers through the use of different binaries for the daemon and client.  Docker daemon runs with root privileges.  As a result, all Docker operations are performed with elevated privileges with unrestricted access to the host system.  Any operations performed with elevated privileges should be audited as they play an important role in security auditing, investigating security incidents / response, system maintenance, and demonstrating compliance with required standards.  This file should be included for auditing along with other regular Linux file system and system calls as appropriate to the needs of the business.

Workaround

Customers can fix this by following the below steps.

1. Edit /etc/audit/rules.d/docker.rules
2. Add "-w /usr/bin/docker -k docker -p rxwa"
3. Add "-w /usr/bin/containerd-shim-runc-v2 -k docker -p rxwa"
4. Add "-a exit,always -F path=/run/containerd -F perm=war -k docker"
5. Execute "augenrules --load" command for the rule to take effect.
6. Validate the rule by executing "auditctl -l | grep 'docker'

Products Affected

Brocade SANnav before 2.3.1b

Solution

Security update provided in Brocade SANnav 2.4.0, 2.3.1b

Revision History

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.