CVE-2021-30465
runc: vulnerable to symlink exchange attack
- Public Exploits: 0
- Exploited in Wild: -
- Decision: -
Descriptions
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.
The runc package is vulnerable to a symlink exchange attack whereby an attacker can request a seemingly innocuous container configuration that results in the host filesystem being bind-mounted into the container. The highest threat from this vulnerability is to data confidentiality and integrity as well as to system availability.
SSVC
- Decision: -
Timeline
- 2021-04-08 CVE Reserved
- 2021-05-19 CVE Published
- 2023-11-08 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
References (13)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2021/05/19/2 | Mailing List | |
https://bugzilla.opensuse.org/show_bug.cgi?id=1185405 | Issue Tracking | |
https://github.com/opencontainers/runc/releases | Release Notes | |
https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html | Mailing List | |
https://security.netapp.com/advisory/ntap-20210708-0003 | Third Party Advisory | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Linuxfoundation | Runc | <= 0.1.1 | - | Affected |
Linuxfoundation | Runc | 1.0.0 | rc1 | Affected |
Linuxfoundation | Runc | 1.0.0 | rc2 | Affected |
Linuxfoundation | Runc | 1.0.0 | rc3 | Affected |
Linuxfoundation | Runc | 1.0.0 | rc4 | Affected |
Linuxfoundation | Runc | 1.0.0 | rc5 | Affected |
Linuxfoundation | Runc | 1.0.0 | rc6 | Affected |
Linuxfoundation | Runc | 1.0.0 | rc7 | Affected |
Linuxfoundation | Runc | 1.0.0 | rc8 | Affected |
Linuxfoundation | Runc | 1.0.0 | rc9 | Affected |
Linuxfoundation | Runc | 1.0.0 | rc10 | Affected |
Linuxfoundation | Runc | 1.0.0 | rc90 | Affected |
Linuxfoundation | Runc | 1.0.0 | rc91 | Affected |
Linuxfoundation | Runc | 1.0.0 | rc92 | Affected |
Linuxfoundation | Runc | 1.0.0 | rc93 | Affected |
Linuxfoundation | Runc | 1.0.0 | rc94 | Affected |
Fedoraproject | Fedora | 33 | - | Affected |
Fedoraproject | Fedora | 34 | - | Affected |