Access Restriction Bypass

Affecting github.com/google/gvisor/runsc/boot/filter package

Overview

github.com/google/gvisor/runsc/boot/filter is a Container Runtime Sandbox.

Affected versions of this package are vulnerable to Access Restriction Bypass. The seccomp sandbox permits access to the renameat system call, which allows attackers to rename files on the host OS.
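A review check for the kind of allowlist entry described above, as an added example that is not gVisor's or Snyk's code: it parses Go source with go/ast and reports rename-family and related syscalls used as allowlist keys. The sample source, the map name `allowedSyscalls` and the `riskySyscalls` policy set are constructed assumptions.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
)

// Constructed sample (not gVisor's real filter source): a seccomp allowlist map.
const sampleFilterSrc = `package filter

import "syscall"

var allowedSyscalls = map[uintptr]struct{}{
	syscall.SYS_READ:     {},
	syscall.SYS_WRITE:    {},
	syscall.SYS_RENAMEAT: {},
}
`

// Assumed review policy: syscalls that change host directory entries.
var riskySyscalls = map[string]bool{
	"SYS_RENAME": true, "SYS_RENAMEAT": true, "SYS_RENAMEAT2": true,
	"SYS_LINKAT": true, "SYS_SYMLINKAT": true, "SYS_UNLINKAT": true,
}

// FindRiskyAllowed returns, in source order, every flagged syscall constant
// that appears as a key in a composite literal of the given Go source.
func FindRiskyAllowed(src string) ([]string, error) {
	file, err := parser.ParseFile(token.NewFileSet(), "filter.go", src, 0)
	if err != nil {
		return nil, err
	}
	var hits []string
	ast.Inspect(file, func(n ast.Node) bool {
		if kv, ok := n.(*ast.KeyValueExpr); ok {
			// Keys look like syscall.SYS_RENAMEAT: a selector on a package name.
			if sel, ok := kv.Key.(*ast.SelectorExpr); ok && riskySyscalls[sel.Sel.Name] {
				hits = append(hits, sel.Sel.Name)
			}
		}
		return true
	})
	return hits, nil
}

func main() { fmt.Println(FindRiskyAllowed(sampleFilterSrc)) }
```

Run against a real filter file in CI, a non-empty result is a prompt for review rather than proof of a bypass, since some entries may be argument-restricted or intentional.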

Remediation

Upgrade to commit 001a4c or later.

CVSS Score

6.8 (medium severity)
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Changed
  • Confidentiality: None
  • Integrity: High
  • Availability: None
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

Credit: Unknown
CVE: CVE-2018-16359
CWE: CWE-284
Snyk ID: SNYK-GOLANG-GITHUBCOMGOOGLEGVISORRUNSCBOOTFILTER-72291
Disclosed: 23 Aug, 2018
Published: 13 Sep, 2018