REDHAT-BUG-2317467
First published: Wed Oct 09 2024(Updated: )
A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and potentially be DoSed via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host. This file is only read, and if it does not properly parse as a copy of `/etc/passwd` it will cause an error (there is a small risk of information disclosure via the error message here as elements of the file that failed to parse can be included, but this is only as the user running Podman/Buildah/CRI-O so it wouldn't be a file they did not already have access to). The report here discovered that you can symlink /etc/passwd in the container to a FIFO on the host, causing a hang as the file cannot be completely read (or an OOM condition if the FIFO is continuously written to, which was then ready by Podman). This hang could occur in a critical section in the c/storage library, blocking other processes from creating containers, but could be easily solved via a SIGKILL of the affected process. The ability to potentially crash the CRI-O service via OOM kill could be more relevant, though the attacker would have to know the path of a FIFO that is regularly being written to on the host in order to do this.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Podman | ||
| Buildah | ||
| Red Hat cri-o | ||
| containers storage |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/errata/RHSA-2024:8437
- https://access.redhat.com/errata/RHSA-2024:8418
- https://access.redhat.com/errata/RHSA-2024:8428
- https://access.redhat.com/errata/RHSA-2024:8686
- https://access.redhat.com/errata/RHSA-2024:8690
- https://access.redhat.com/errata/RHSA-2024:8694
- https://access.redhat.com/errata/RHSA-2024:8700
- https://access.redhat.com/errata/RHSA-2024:9051
- https://access.redhat.com/errata/RHSA-2024:9454
- https://access.redhat.com/errata/RHSA-2024:9459
- https://access.redhat.com/errata/RHSA-2024:8984
- https://access.redhat.com/errata/RHSA-2024:9926
- https://access.redhat.com/errata/RHSA-2024:10289
- https://access.redhat.com/errata/RHSA-2025:0876
- https://bugzilla.redhat.com/show_bug.cgi?id=2317467
Frequently Asked Questions
What is the severity of REDHAT-BUG-2317467?
The severity of REDHAT-BUG-2317467 is considered high due to the potential for denial of service via OOM kill.
How do I fix REDHAT-BUG-2317467?
To address REDHAT-BUG-2317467, it is recommended to update to the latest patched versions of Podman, Buildah, and CRI-O.
What software is affected by REDHAT-BUG-2317467?
REDHAT-BUG-2317467 affects Red Hat Podman, Red Hat Buildah, and Red Hat CRI-O.
What type of vulnerability is REDHAT-BUG-2317467?
REDHAT-BUG-2317467 is a symlink traversal vulnerability in the containers/storage library.
What impact does REDHAT-BUG-2317467 have on applications?
The impact of REDHAT-BUG-2317467 can lead to application hangs and potential denial of service when running malicious images.
- agent/severity
- agent/first-publish-date
- agent/description
- agent/type
- agent/event
- agent/references
- agent/last-modified-date
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-9676
- vendor/red hat
- canonical/red hat podman
- canonical/buildah
- canonical/red hat cri-o
- vendor/containers
- canonical/containers storage