Symlink Attack Affecting github.com/opencontainers/runc/libcontainer Open this link in a new tab package, versions <1.0.0-rc95
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
19 May 2021
19 May 2021
How to fix?
github.com/opencontainers/runc/libcontainer to version 1.0.0-rc95 or higher.
github.com/opencontainers/runc/libcontainer is a package for a modern container runtime.
Affected versions of this package are vulnerable to Symlink Attack. The runc package is vulnerable to a symlink exchange attack whereby an attacker can request a seemingly innocuous container configuration that results in the host filesystem being bind-mounted into the container. An attacker must have the ability to start containers using some kind of custom volume configuration, and while recommended container hardening mechanisms such as LSMs (AppArmor/SELinux) and user namespaces will restrict the amount of damage an attacker could do, they do not block this attack outright.