TPS-2017-003 ZDI-CAN-3853 (Docker File Overwrite) Vulnerability

Overview

This notice is to advise Joyent’s Triton Cloud (public cloud) customers, Triton on-premises software customers and Open Source Triton users of a high-severity arbitrary Docker file overwrite vulnerability that could be triggered using Docker file copy (docker cp) and Docker build.

Description

The following security vulnerability has been identified by Ben, working with the Zero Day Initiative (ZDI), and is tracked as ZDI-CAN-3853.

Through ZDI, we have previously been made aware of this issue. Here is a brief description of the issue and the resolution:

  • Issue: Attackers could potentially break out of user zones to get a root shell in the global zone by overwriting files in the /proc mount using docker cp or docker build.
  • Resolution: The ability to manipulate files in the /proc mount has been removed.

Please proceed based on the following advice:

  • The vulnerability has already been fixed throughout the Triton Cloud (public cloud). No further action is required of public cloud users.
  • On-premises Triton (SDC7) software customers can mitigate all of these issues by following the instructions referenced in the Actions You Need to Take section below.
  • Open Source Triton users can also mitigate all of these issues by following the instructions referenced in the Actions You Need to Take section below.
  • An upcoming announcement regarding this vulnerability will be published at Zero Day’s “Upcoming Advisories”.

Actions Taken by Joyent

As noted above, the fix for this vulnerability has already been applied across the entire Triton Cloud (public cloud). No further action is required of public cloud users.

Actions You Need to Take

Triton On-Premises Software Users

You are advised to apply this fix by updating your current Triton agents to agentsshar@1.0.0-release-20160901-20160901T051624Z-g3fd5adf (e469cf49-4de3-4658-8419-ab42837916ad) or later, using the following command on the support channel:

sdcadm experimental update-agents e469cf49-4de3-4658-8419-ab42837916ad --all

Open Source Triton Users

Support

If you are a Joyent customer and have any further questions or concerns after reading the information provided above, please contact Joyent Support.

If you are an Open Source Triton user, please direct any further questions to the SmartOS Community Mailing Lists and IRC (as noted above).