Sneaking Around Docker and Kubernetes Isolation
Leaky Container
© Lead Image © costasz, 123RF.com
Docker containers and Kubernetes pods might not be as airtight as you think. We'll show you three potential attacks.
I recently became intrigued by a specific vulnerability affecting containers in Docker and pods in Kubernetes. The vulnerability, discovered in 2024, was quickly patched but considered just about as serious as vulnerabilities get. It was allocated the Common Vulnerabilities and Exposures (CVE) number CVE-2024-21626, and it received a severity score of 8.6 out of a possible 10 – very close to the 9.0 rating that would have marked it as critical.
The problem concerned a container runtime used in Kubernetes and Docker called runc. After a little eyestrain, having managed to simulate an attack using the CVE, I started reading about other common ways to attack Kubernetes clusters using a similar approach.
In this article, I will walk through three ways of illegitimately accessing the nodes of a Kubernetes cluster or a standalone Docker host. A successful attack of that nature, one that manages to reach the underlying node of a container, is high on the list of an attacker's main goals, and it all but delivers up the crown jewels. Accessing the nodes or hosts that containers run on potentially allows the attacker to exfiltrate data, steal security credentials, and possibly even and move laterally across a Kubernetes cluster.
[...]
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Alpine Linux 3.24 Features Fresh Desktops and a Newer Kernel
If you're a fan of Alpine Linux, it's time to upgrade because the latest version has been released with KDE Plasma 6.6, Gnome 50, and Linux kernel 6.18 LTS.
-
EU Open Source Strategy Plays Key Role in Tech Sovereignty Package
Comprehensive measures adopted by the European Commission aim to reduce dependency on non-EU countries.
-
Linux Foundation Report Indicates AI Driving Tech Hiring
Within growing security and skills gaps, AI has been found to be a positive driving force behind tech hiring trends in Europe.
-
United Nations Open Source Portal Goes Live
A new open source portal seeks to coordinate and scale open source efforts across the United Nations system.
-
KDE Linux Drops AUR
KDE Linux developers have dropped the Arch User Repository from the build pipeline due to security concerns; other distributions should consider doing the same.
-
California May Exempt Linux from Its Age-Verification Law
After backlash from the Linux community, California may be backing off on its promise to force all operating systems to verify age, but one platform may still have to comply.
-
Another Logic Bug Found in Linux Kernel
Qualys has discovered a vulnerability in the Linux kernel that can be used to elevate standard user privileges.
-
Ubuntu Core 26 Offers Game-Changing Enterprise Features
Ubuntu Core 26 could be a game-changer for organizations looking for increased security and reliability.
-
AI Flooding the Linux Kernel Security Mailing List
AI is giving Linus Torvalds a headache, but not in the way you might think.
-
Top Priorities for Open Source Pros Seeking a New Job
Professional fulfillment tops the list, according to LPI report.