A major security vulnerability has been found in Docker containers. Apparently, a function called FollowSymlinkInScope in Docker is prone to a race condition that can be exploited by attackers to modify resource paths.
The flaw was discovered by security researcher Aleksa Sarai, who says that the function can be used to carry out a Time-of-check to time-of-use (TOCTOU) attack. As of now, the vulnerability still remains unpatched and Docker is yet to respond with a fix. All current versions contain this flaw.
The key highlights
Sarai also describes two exploit scripts for this vulnerability, which can allow modification of resource paths. “Attacked are two reproducers of the issue. They both include a Docker image which contains a simple binary that does a RENAME_EXCHANGE of a symlink to "/" and an empty directory in a loop, hoping to hit the race condition. In both of the scripts, the user is trying to copy a file to or from a path containing the swapped symlink,” Sarai wrote in an email on the oss-sec mailing list.
Docker Inc is expected to release a patch for this flaw anytime soon.