ID CVE-2020-1726
Summary A flaw was discovered in Podman where it incorrectly allows containers, when created, to overwrite existing files in volumes, even if the volumes are mounted as read-only. When a user runs a malicious container, or a container based on a malicious image, with an attached volume that is used for the first time, it is possible to trigger the flaw and overwrite files in the volume. This issue was introduced in version 1.6.0.
References
Vulnerable Configurations
  • cpe:2.3:a:libpod_project:libpod:1.6.0:-:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:4.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 28-09-2020 - 15:15)
Impact:
Exploitability:
CWE CWE-552
CAPEC
  • Kerberoasting
    Through the exploitation of how service accounts leverage Kerberos authentication with Service Principal Names (SPNs), the adversary obtains and subsequently cracks the hashed credentials of a service account target to exploit its privileges. The Kerberos authentication protocol centers around a ticketing system which is used to request/grant access to services and to then access the requested services. As an authenticated user, the adversary may request Active Directory and obtain a service ticket with portions encrypted via RC4 with the private key of the authenticated account. By extracting the local ticket and saving it to disk, the adversary can brute force the hashed value to reveal the target account credentials.
  • Probe System Files
    An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.
  • Collect Data from Common Resource Locations
    An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc directory on Unix systems. Adversaries can take advantage of this to commit other types of attacks.
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:P
redhat via4
advisories
  • bugzilla
    id 1813295
    title Skopeo doesn't handle HTTP 429 errors properly
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 8 is installed
        oval oval:com.redhat.rhba:tst:20193384074
      • comment Module container-tools:rhel8 is enabled
        oval oval:com.redhat.rhsa:tst:20190975043
      • OR
        • AND
          • comment buildah is earlier than 0:1.11.6-7.module+el8.2.0+5856+b8046c6d
            oval oval:com.redhat.rhsa:tst:20201650001
          • comment buildah is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190975002
        • AND
          • comment buildah-debugsource is earlier than 0:1.11.6-7.module+el8.2.0+5856+b8046c6d
            oval oval:com.redhat.rhsa:tst:20201650003
          • comment buildah-debugsource is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190975004
        • AND
          • comment buildah-tests is earlier than 0:1.11.6-7.module+el8.2.0+5856+b8046c6d
            oval oval:com.redhat.rhsa:tst:20201650005
          • comment buildah-tests is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20193403006
        • AND
          • comment cockpit-podman is earlier than 0:12-1.module+el8.2.0+5950+6d183a6a
            oval oval:com.redhat.rhsa:tst:20201650007
          • comment cockpit-podman is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20193403008
        • AND
          • comment conmon is earlier than 2:2.0.6-1.module+el8.2.0+5182+3136e5d4
            oval oval:com.redhat.rhsa:tst:20201650009
          • comment conmon is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20200348010
        • AND
          • comment container-selinux is earlier than 2:2.124.0-1.module+el8.2.0+5182+3136e5d4
            oval oval:com.redhat.rhsa:tst:20201650011
          • comment container-selinux is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190975006
        • AND
          • comment containernetworking-plugins is earlier than 0:0.8.3-5.module+el8.2.0+5201+6b31f0d9
            oval oval:com.redhat.rhsa:tst:20201650013
          • comment containernetworking-plugins is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190975008
        • AND
          • comment containernetworking-plugins-debugsource is earlier than 0:0.8.3-5.module+el8.2.0+5201+6b31f0d9
            oval oval:com.redhat.rhsa:tst:20201650015
          • comment containernetworking-plugins-debugsource is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190975010
        • AND
          • comment containers-common is earlier than 1:0.1.40-10.module+el8.2.0+5955+6cd70ceb
            oval oval:com.redhat.rhsa:tst:20201650017
          • comment containers-common is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190975012
        • AND
          • comment crit is earlier than 0:3.12-9.module+el8.2.0+5029+3ac48e7d
            oval oval:com.redhat.rhsa:tst:20201650019
          • comment crit is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20201650020
        • AND
          • comment criu is earlier than 0:3.12-9.module+el8.2.0+5029+3ac48e7d
            oval oval:com.redhat.rhsa:tst:20201650021
          • comment criu is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20201650022
        • AND
          • comment criu-debugsource is earlier than 0:3.12-9.module+el8.2.0+5029+3ac48e7d
            oval oval:com.redhat.rhsa:tst:20201650023
          • comment criu-debugsource is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20201650024
        • AND
          • comment fuse-overlayfs is earlier than 0:0.7.2-5.module+el8.2.0+6060+9dbc027d
            oval oval:com.redhat.rhsa:tst:20201650025
          • comment fuse-overlayfs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190975014
        • AND
          • comment fuse-overlayfs-debugsource is earlier than 0:0.7.2-5.module+el8.2.0+6060+9dbc027d
            oval oval:com.redhat.rhsa:tst:20201650027
          • comment fuse-overlayfs-debugsource is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190975016
        • AND
          • comment podman is earlier than 0:1.6.4-10.module+el8.2.0+6063+e761893a
            oval oval:com.redhat.rhsa:tst:20201650029
          • comment podman is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190975026
        • AND
          • comment podman-debugsource is earlier than 0:1.6.4-10.module+el8.2.0+6063+e761893a
            oval oval:com.redhat.rhsa:tst:20201650031
          • comment podman-debugsource is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190975028
        • AND
          • comment podman-docker is earlier than 0:1.6.4-10.module+el8.2.0+6063+e761893a
            oval oval:com.redhat.rhsa:tst:20201650033
          • comment podman-docker is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190975030
        • AND
          • comment podman-remote is earlier than 0:1.6.4-10.module+el8.2.0+6063+e761893a
            oval oval:com.redhat.rhsa:tst:20201650035
          • comment podman-remote is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20193403038
        • AND
          • comment podman-tests is earlier than 0:1.6.4-10.module+el8.2.0+6063+e761893a
            oval oval:com.redhat.rhsa:tst:20201650037
          • comment podman-tests is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20193403040
        • AND
          • comment python-podman-api is earlier than 0:1.2.0-0.2.gitd0a45fe.module+el8.2.0+5201+6b31f0d9
            oval oval:com.redhat.rhsa:tst:20201650039
          • comment python-podman-api is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20193403042
        • AND
          • comment python3-criu is earlier than 0:3.12-9.module+el8.2.0+5029+3ac48e7d
            oval oval:com.redhat.rhsa:tst:20201650041
          • comment python3-criu is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20201650042
        • AND
          • comment runc is earlier than 0:1.0.0-65.rc10.module+el8.2.0+5762+aaee29fb
            oval oval:com.redhat.rhsa:tst:20201650043
          • comment runc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190975032
        • AND
          • comment runc-debugsource is earlier than 0:1.0.0-65.rc10.module+el8.2.0+5762+aaee29fb
            oval oval:com.redhat.rhsa:tst:20201650045
          • comment runc-debugsource is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190975034
        • AND
          • comment skopeo is earlier than 1:0.1.40-10.module+el8.2.0+5955+6cd70ceb
            oval oval:com.redhat.rhsa:tst:20201650047
          • comment skopeo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190975036
        • AND
          • comment skopeo-debugsource is earlier than 1:0.1.40-10.module+el8.2.0+5955+6cd70ceb
            oval oval:com.redhat.rhsa:tst:20201650049
          • comment skopeo-debugsource is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190975038
        • AND
          • comment skopeo-tests is earlier than 1:0.1.40-10.module+el8.2.0+5955+6cd70ceb
            oval oval:com.redhat.rhsa:tst:20201650051
          • comment skopeo-tests is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20193403052
        • AND
          • comment slirp4netns is earlier than 0:0.4.2-3.git21fdece.module+el8.2.0+5658+9a15711d
            oval oval:com.redhat.rhsa:tst:20201650053
          • comment slirp4netns is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190975040
        • AND
          • comment slirp4netns-debugsource is earlier than 0:0.4.2-3.git21fdece.module+el8.2.0+5658+9a15711d
            oval oval:com.redhat.rhsa:tst:20201650055
          • comment slirp4netns-debugsource is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190975042
        • AND
          • comment toolbox is earlier than 0:0.0.7-1.module+el8.2.0+6096+9c3f08f3
            oval oval:com.redhat.rhsa:tst:20201650057
          • comment toolbox is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20193403058
        • AND
          • comment udica is earlier than 0:0.2.1-2.module+el8.2.0+4896+8f613c81
            oval oval:com.redhat.rhsa:tst:20201650059
          • comment udica is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20200348054
    rhsa
    id RHSA-2020:1650
    released 2020-04-28
    severity Moderate
    title RHSA-2020:1650: container-tools:rhel8 security, bug fix, and enhancement update (Moderate)
  • rhsa
    id RHSA-2020:0680
rpms
  • podman-0:1.6.4-7.el8
  • podman-debuginfo-0:1.6.4-7.el8
  • podman-debugsource-0:1.6.4-7.el8
  • podman-docker-0:1.6.4-7.el8
  • podman-manpages-0:1.6.4-7.el8
  • podman-remote-0:1.6.4-7.el8
  • podman-remote-debuginfo-0:1.6.4-7.el8
  • podman-tests-0:1.6.4-7.el8
  • buildah-0:1.11.6-7.module+el8.2.0+5856+b8046c6d
  • buildah-debuginfo-0:1.11.6-7.module+el8.2.0+5856+b8046c6d
  • buildah-debugsource-0:1.11.6-7.module+el8.2.0+5856+b8046c6d
  • buildah-tests-0:1.11.6-7.module+el8.2.0+5856+b8046c6d
  • buildah-tests-debuginfo-0:1.11.6-7.module+el8.2.0+5856+b8046c6d
  • cockpit-podman-0:12-1.module+el8.2.0+5950+6d183a6a
  • conmon-2:2.0.6-1.module+el8.2.0+5182+3136e5d4
  • container-selinux-2:2.124.0-1.module+el8.2.0+5182+3136e5d4
  • containernetworking-plugins-0:0.8.3-5.module+el8.2.0+5201+6b31f0d9
  • containernetworking-plugins-debuginfo-0:0.8.3-5.module+el8.2.0+5201+6b31f0d9
  • containernetworking-plugins-debugsource-0:0.8.3-5.module+el8.2.0+5201+6b31f0d9
  • containers-common-1:0.1.40-10.module+el8.2.0+5955+6cd70ceb
  • crit-0:3.12-9.module+el8.2.0+5029+3ac48e7d
  • criu-0:3.12-9.module+el8.2.0+5029+3ac48e7d
  • criu-debuginfo-0:3.12-9.module+el8.2.0+5029+3ac48e7d
  • criu-debugsource-0:3.12-9.module+el8.2.0+5029+3ac48e7d
  • fuse-overlayfs-0:0.7.2-5.module+el8.2.0+6060+9dbc027d
  • fuse-overlayfs-debuginfo-0:0.7.2-5.module+el8.2.0+6060+9dbc027d
  • fuse-overlayfs-debugsource-0:0.7.2-5.module+el8.2.0+6060+9dbc027d
  • podman-0:1.6.4-10.module+el8.2.0+6063+e761893a
  • podman-debuginfo-0:1.6.4-10.module+el8.2.0+6063+e761893a
  • podman-debugsource-0:1.6.4-10.module+el8.2.0+6063+e761893a
  • podman-docker-0:1.6.4-10.module+el8.2.0+6063+e761893a
  • podman-remote-0:1.6.4-10.module+el8.2.0+6063+e761893a
  • podman-remote-debuginfo-0:1.6.4-10.module+el8.2.0+6063+e761893a
  • podman-tests-0:1.6.4-10.module+el8.2.0+6063+e761893a
  • python-podman-api-0:1.2.0-0.2.gitd0a45fe.module+el8.2.0+5201+6b31f0d9
  • python3-criu-0:3.12-9.module+el8.2.0+5029+3ac48e7d
  • runc-0:1.0.0-65.rc10.module+el8.2.0+5762+aaee29fb
  • runc-debuginfo-0:1.0.0-65.rc10.module+el8.2.0+5762+aaee29fb
  • runc-debugsource-0:1.0.0-65.rc10.module+el8.2.0+5762+aaee29fb
  • skopeo-1:0.1.40-10.module+el8.2.0+5955+6cd70ceb
  • skopeo-debuginfo-1:0.1.40-10.module+el8.2.0+5955+6cd70ceb
  • skopeo-debugsource-1:0.1.40-10.module+el8.2.0+5955+6cd70ceb
  • skopeo-tests-1:0.1.40-10.module+el8.2.0+5955+6cd70ceb
  • slirp4netns-0:0.4.2-3.git21fdece.module+el8.2.0+5658+9a15711d
  • slirp4netns-debuginfo-0:0.4.2-3.git21fdece.module+el8.2.0+5658+9a15711d
  • slirp4netns-debugsource-0:0.4.2-3.git21fdece.module+el8.2.0+5658+9a15711d
  • toolbox-0:0.0.7-1.module+el8.2.0+6096+9c3f08f3
  • udica-0:0.2.1-2.module+el8.2.0+4896+8f613c81
refmap via4
confirm https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1726
suse
  • openSUSE-SU-2020:1552
  • openSUSE-SU-2020:1559
Last major update 28-09-2020 - 15:15
Published 11-02-2020 - 20:15
Last modified 28-09-2020 - 15:15