
Common Vulnerabilities & Exposures (CVE) In Docker Containers

jmortegac
October 17, 2018

CVEs are the standard source for vulnerability details and descriptions. Security professionals use CVEs to understand vulnerabilities and what can be done to prevent them. Securing application containers requires a security strategy that includes analysing and auditing Docker images layer by layer.

Transcript

  1. October 17, 2018
    Common Vulnerabilities & Exposures
    (CVE) In Docker Containers
    José Manuel Ortega
    @jmortegac

  2. Agenda
    • Docker images
    • Docker CVE and container threats
    • Container image scanning tools
    • NVD vulnerabilities & Vulners

  5. Container image scanning
    • Checking the software packages, binaries, libraries and
    operating system files against one or more well-known
    vulnerability databases.
    • Analyzing the Dockerfile and image metadata to detect
    security-sensitive configurations.
    • User-defined policies such as software package blacklists
    and base image whitelists.
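
The second and third bullets (Dockerfile analysis and user-defined policy) are easy to show in code. The following Python is an added example, not code from the deck or from any of the scanners named later in it: it parses a constructed Dockerfile, flags security-sensitive instructions (unpinned or non-whitelisted base image, blacklisted packages, secrets in ENV/ARG, ADD of archives, exposed admin ports, running as root) and applies an assumed policy. The policy values, the sample Dockerfile and the severity labels are illustrative choices made here.

```python
import re

# Constructed sample Dockerfile (not from the slides). It deliberately trips
# several checks so the output shows what a policy pass reports.
SAMPLE_DOCKERFILE = """\
FROM ubuntu:latest AS base
RUN apt-get update && apt-get install -y --no-install-recommends curl telnet netcat \\
    && rm -rf /var/lib/apt/lists/*
ADD app.tar.gz /opt/app
ENV DB_PASSWORD=hunter2
EXPOSE 22 8080
USER root
CMD ["/opt/app/run.sh"]
"""

# Assumed user-defined policy (illustrative values, not from the slides).
POLICY = {
    "base_image_whitelist": {"debian", "ubuntu", "alpine"},
    "package_blacklist": {"telnet", "netcat", "nc", "ftp", "rsh-client"},
    "blocked_ports": {22, 23},
}

SECRET_KEY_RE = re.compile(r"(PASS(WORD)?|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY)", re.I)


def parse_dockerfile(text):
    """Yield (INSTRUCTION, argument) pairs; handles comments and backslash line continuations."""
    joined = re.sub(r"\\\n", " ", text)
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        instr, _, arg = line.partition(" ")
        yield instr.upper(), arg.strip()


def packages_installed_by(run_arg):
    """Package names passed to apt-get/apt/apk install inside one RUN command."""
    pkgs = set()
    for m in re.finditer(r"\b(?:apt-get|apt|apk)\s+(?:install|add)\s+([^&|;]*)", run_arg):
        pkgs.update(tok for tok in m.group(1).split() if not tok.startswith("-"))
    return pkgs


def check_dockerfile(text, policy=POLICY):
    """Return a list of (severity, message) findings for one Dockerfile."""
    findings = []
    last_user = "root"  # a container runs as root unless a USER instruction says otherwise
    for instr, arg in parse_dockerfile(text):
        if instr == "FROM":
            image = arg.split()[0]                     # drop "AS <stage>"
            if "@" in image:                           # name@sha256:... is pinned by digest
                name, pinned = image.split("@", 1)[0], True
            else:
                name, _, tag = image.partition(":")
                pinned = bool(tag) and tag != "latest"
            if name.split("/")[-1] not in policy["base_image_whitelist"]:
                findings.append(("HIGH", f"base image {name!r} is not in the whitelist"))
            if not pinned:
                findings.append(("MEDIUM", f"base image {image!r} is not pinned to a tag or digest"))
        elif instr == "RUN":
            for pkg in sorted(packages_installed_by(arg) & policy["package_blacklist"]):
                findings.append(("HIGH", f"blacklisted package {pkg!r} is installed"))
        elif instr == "ADD" and not arg.startswith("["):
            src = arg.split()[0]
            if src.startswith(("http://", "https://")) or re.search(r"\.(tar|tgz|gz|bz2|xz)$", src):
                findings.append(("LOW", f"ADD {src!r}: prefer COPY (ADD fetches URLs and auto-extracts archives)"))
        elif instr in ("ENV", "ARG"):
            key = re.split(r"[= ]", arg, maxsplit=1)[0]
            if SECRET_KEY_RE.search(key):
                findings.append(("HIGH", f"{instr} {key}: possible secret baked into an image layer"))
        elif instr == "EXPOSE":
            for port in re.findall(r"\d+", arg):
                if int(port) in policy["blocked_ports"]:
                    findings.append(("MEDIUM", f"port {port} is exposed"))
        elif instr == "USER":
            last_user = arg.split(":")[0].strip()      # "user:group" form
    if last_user in ("root", "0"):
        findings.append(("MEDIUM", "image runs as root (no non-root USER instruction)"))
    return findings


def passes_policy(findings):
    """Gate for a CI step: any HIGH finding blocks the image."""
    return not any(sev == "HIGH" for sev, _ in findings)


if __name__ == "__main__":
    result = check_dockerfile(SAMPLE_DOCKERFILE)
    for sev, msg in result:
        print(f"[{sev}] {msg}")
    print("policy:", "PASS" if passes_policy(result) else "FAIL")
```

The sample Dockerfile produces seven findings (three HIGH) and fails the gate; a pinned, whitelisted image with a non-root USER and no blacklisted packages produces none. A real scanner reads the same information from image metadata (`docker history`, the layer manifest) when no Dockerfile is available.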

  7. Docker CVE
    https://www.docker.com/docker-cve-database

  8. https://www.saucs.com/cve?vendor=docker

  9. https://www.cvedetails.com/product/28125/Docker-Docker.html?vendor_id=13534

  11. Container threats
    • The Dirty COW exploit (CVE-2016-5195) on the Linux kernel, allowing
    root privilege escalation on a host or container; the kernel is shared,
    so a container that can exploit it compromises the host.
    • OpenSSL heap corruption caused by a malformed key header, and a crash
    caused by the presence of a specific extension.
    • Buffer overflows in Ruby and Python libraries allowing execution of
    malicious code.
    • Vulnerabilities like the glibc stack-based buffer overflow.
    • SQL injection attacks that put attackers in control of a database
    container in order to steal data.

  16. CVSS base score: Impact and Exploitability sub-scores
    The base score is built from an Impact sub-score (confidentiality,
    integrity, availability) and an Exploitability sub-score (attack
    vector, attack complexity, privileges required, user interaction).
    In CVSS v3 the two are added rather than multiplied, capped at 10
    and rounded up to one decimal.

  18. DirtyCow
    https://security-tracker.debian.org/tracker/CVE-2016-5195

  20. DirtyCow
    https://github.com/gebl/dirtycow-docker-vdso

  21. DirtyCow dockerfile

  22. DirtyCow execution

  23. Prevent DirtyCow with apparmor

  24. "Jack-in-the-Box" vulnerability when unpacking images (CVE-2018-8115)
    • A path traversal in hcsshim (the Windows Host Compute Service Shim)
    while importing a container image layer: a malicious image can write
    files outside the layer directory on the host.
    • Patched in Community version (Docker CE 18.03.1 and Docker CE
    17.05.0-rc1)
    • https://github.com/aquasecurity/scan-cve-2018-8115

  25. https://github.com/aquasecurity/scan-cve-2018-8115/blob/master/verify.py

  26. Most vulnerable packages

  27. Container image scanning open-source tools
    • CoreOS/Clair (Ubuntu CVE Tracker, Debian Security Bug Tracker,
    Red Hat Security Data)
    • Anchore Engine
    • Dagda
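
The distribution trackers listed next to Clair are what the first bullet of slide 5 (checking installed packages against vulnerability databases) is matched against: per release, a feed of (source package, CVE, status, fixed version), compared with the package inventory of each image layer. As an added example (not Clair's or Anchore's code), the following Python does that matching for a Debian-based image. The dpkg-query inventory and the feed are constructed; the feed is shaped like the Debian security tracker JSON export, but its statuses and fixed versions are made up to exercise each branch. It implements dpkg's version comparison because a plain string compare gets `1.0~rc1` vs `1.0` and `deb8u10` vs `deb8u9` wrong.

```python
# Constructed inventory: what `dpkg-query -W -f='${source:Package} ${Version}\n'`
# prints inside a Debian jessie based image (source package names, which the tracker keys on).
DPKG_OUTPUT = """\
linux 3.16.36-1+deb8u1
glibc 2.19-18+deb8u4
openssl 1.0.1t-1+deb8u6
curl 7.38.0-4+deb8u11
"""

# Constructed feed in the shape of the Debian security tracker JSON export
# (https://security-tracker.debian.org/tracker/data/json). CVE ids are real, but the
# statuses and fixed versions are made up for the demo; query the tracker for real data.
FEED = {
    "linux": {"CVE-2016-5195": {
        "description": "Dirty COW: race condition in mm/gup.c allows local privilege escalation",
        "releases": {"jessie": {"status": "resolved", "fixed_version": "3.16.36-1+deb8u2", "urgency": "high"}}}},
    "glibc": {"CVE-2015-7547": {
        "description": "stack-based buffer overflow in getaddrinfo",
        "releases": {"jessie": {"status": "resolved", "fixed_version": "2.19-18+deb8u3", "urgency": "high"}}}},
    "openssl": {"CVE-2016-2108": {
        "description": "memory corruption in the ASN.1 encoder",
        "releases": {"jessie": {"status": "open", "fixed_version": None, "urgency": "high"}}}},
}


def _order(c):
    """dpkg ordering of one character: '~' before end-of-string, letters before other symbols."""
    if c is None:
        return 0
    if c == "~":
        return -1
    if c.isdigit():
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256


def _verrevcmp(a, b):
    """dpkg's upstream/revision comparison: alternating non-digit and numeric segments."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i] if i < len(a) else None)
            bc = _order(b[j] if j < len(b) else None)
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        while i < len(a) and a[i] == "0":          # leading zeros are not significant
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and a[i].isdigit() and j < len(b) and b[j].isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():          # longer number wins
            return 1
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def split_version(v):
    """Debian version '[epoch:]upstream[-revision]' -> (epoch, upstream, revision)."""
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def compare_versions(a, b):
    """`dpkg --compare-versions` semantics: negative if a < b, 0 if equal, positive if a > b."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    return (ea - eb) or _verrevcmp(ua, ub) or _verrevcmp(ra, rb)


def parse_dpkg(output):
    """(source_package, version) pairs from dpkg-query output."""
    return [tuple(line.split(None, 1)) for line in output.splitlines() if line.strip()]


def scan(installed, feed, release):
    """Match installed packages against the feed for one distribution release."""
    findings = []
    for pkg, version in installed:
        for cve, entry in feed.get(pkg, {}).items():
            rel = entry["releases"].get(release)
            if rel is None:
                continue                             # this release is not tracked for the CVE
            fixed = rel.get("fixed_version")
            # "resolved" with fixed_version "0" means not affected; the compare handles that too.
            if rel["status"] == "resolved" and fixed and compare_versions(version, fixed) >= 0:
                continue                             # installed version already carries the fix
            findings.append({"package": pkg, "installed": version, "cve": cve,
                             "fixed_version": fixed, "urgency": rel.get("urgency"),
                             "description": entry.get("description", "")})
    return findings


if __name__ == "__main__":
    for f in scan(parse_dpkg(DPKG_OUTPUT), FEED, "jessie"):
        print(f"{f['package']} {f['installed']}: {f['cve']} ({f['urgency']}), fixed in {f['fixed_version']}")
```

With the constructed data the kernel package is reported (installed `+deb8u1` is older than the fixed `+deb8u2`), glibc is not (installed `+deb8u4` is newer than the fix), and openssl is reported because the entry is still open regardless of version. Matching on source package and release is why scanners ask which distribution an image layer is from: the same upstream version string means different things on Debian, Ubuntu and Red Hat.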

  30. $ docker exec clair_clair analyzer

  31. Anchore engine
    • Extracts build information, installed packages and other
    system information from the image
    • Scans images for known vulnerabilities with the anchore CLI

  32. Anchore engine

  33. Anchore architecture

  34. Anchore navigator

  35. Anchore cli

  36. Anchore cli

  45. NVD vulnerabilities
    https://github.com/linxack/nvdparser

  46. NVD vulnerabilities

  47. Vulners

  49. Vulners

  51. Vulners

  52. Vulners

  53. Vulners

  55. Thank You Supporters

  56. Meet me in the Slack channel for Q&A
    bit.ly/addo-slack