Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-9676
Summary
A vulnerability exists in Podman, Buildah, and CRI-O due to a symlink traversal issue in the containers/storage library. When running a malicious image with an automatically assigned user namespace ("--userns=auto" in Podman and Buildah), the vulnerability can cause the tools to hang and result in a Denial of Service (DOS) through OOM (Out of Memory) kill. The issue arises because the containers/storage library reads "/etc/passwd" inside the container without properly validating whether it is a symlink, allowing the library to read arbitrary files on the host. The vulnerability affects github.com/containers/storage v0.21.1, v0.46.1, v1.17.0 prior to v1.51.2, and v1.52.0 prior to v1.55.1, github.com/containers/podman versions v1.9.0-rc1 prior to v5.3.0-rc1, and github.com/containers/buildah versions v1.14.6 prior to v1.38.0.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- LOW
- NONE
- HIGH
CWE-22 - Path Traversal
Path traversal (or directory traversal), is a vulnerability that allows malicious users to traverse the server's root directory, gaining access to arbitrary files and folders such as application code & data, back-end credentials, and sensitive operating system files. In the worst-case scenario, an attacker could potentially execute arbitrary files on the server, resulting in a denial of service attack. Such an exploit may severely impact the integrity, confidentiality, and availability of an application.
Advisory Timeline
- Published
