Access Restriction Bypass

Affecting github.com/google/gvisor/runsc/boot/filter package

medium severity

Overview

github.com/google/gvisor/runsc/boot/filter is a Container Runtime Sandbox.

Affected versions of this package are vulnerable to Access Restriction Bypass. Within the seccomp sandbox, it permits access to the renameat system call, which allows attackers to rename files on the host OS.

Remediation

Upgrade to commit 001a4c or later.
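
As an added illustration of syscall filtering (this is not gVisor's code and not part of the advisory), the C program below installs a seccomp-bpf filter that rejects renameat, plus the related renameat2, and confirms that a filtered process can no longer rename a file. The function names and the /tmp paths are assumptions made for the demo, and it assumes Linux on x86-64 or arm64.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>

/* Fail renameat/renameat2 with EPERM, allow the rest. Assumption: native ABI
 * only; a real sandbox is default-deny and also checks seccomp_data.arch. */
static int deny_rename_family(void) {
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_renameat, 1, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_renameat2, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = { .len = sizeof prog / sizeof prog[0], .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

/* Returns the errno a filtered child gets from renameat(), 0 if the rename
 * went through, or -1 if the demo could not be set up. */
int renameat_errno_under_filter(void) {
    char src[] = "/tmp/seccomp-demo-XXXXXX", dst[64];   /* constructed paths */
    int status = 0, fd = mkstemp(src);
    if (fd < 0) return -1;
    close(fd);
    snprintf(dst, sizeof dst, "%s.moved", src);
    pid_t pid = fork();
    if (pid == 0) {                       /* child: filter itself, then try */
        if (deny_rename_family() != 0) _exit(255);
        _exit(syscall(SYS_renameat, AT_FDCWD, src, AT_FDCWD, dst) == 0 ? 0 : errno);
    }
    if (pid > 0) waitpid(pid, &status, 0);
    int moved = access(dst, F_OK) == 0;   /* did the file change names? */
    unlink(src); unlink(dst);
    if (pid < 0 || !WIFEXITED(status) || WEXITSTATUS(status) == 255) return -1;
    return moved ? 0 : WEXITSTATUS(status);
}
int main(void) {
    return printf("renameat errno under filter: %d\n", renameat_errno_under_filter()) < 0;
}
```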

Credit: Unknown
CVE: CVE-2018-16359
Snyk ID: SNYK-GOLANG-GITHUBCOMGOOGLEGVISORRUNSCBOOTFILTER-72291
Disclosed: 23 Aug, 2018
Published: 13 Sep, 2018