Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Common Vulnerabilities & Exposures (CVE) In Docker Containers

jmortegac
October 17, 2018
Technology
3
490

Common Vulnerabilities & Exposures (CVE) In Docker Containers

CVEs are the standard source for vulnerability details and descriptions. Security professionals use CVEs to understand vulnerabilities and what can be done to prevent them.Securing application containers requires a security strategy which includes analyze and audit docker images layer by layer.

jmortegac

October 17, 2018
Tweet

More Decks by jmortegac

See All by jmortegac
Asegurando tus APIs: Explorando el OWASP Top 10 de Seguridad en APIs
jmortega
1
18
PyGoat: Analizando la seguridad en aplicaciones Django
jmortega
1
47
Evolution of security strategies in K8s environments- All day devops
jmortega
1
26
Ciberseguridad en Blockchain y Smart Contracts: Explorando los desafíos y soluciones
jmortega
1
52
Evolution of security strategies in K8s environments
jmortega
1
20
Implementing Observability for Kubernetes
jmortega
1
18
Computación distribuida usando Python
jmortega
1
91
Seguridad_en_arquitecturas_serverless_y_entornos_cloud.pdf
jmortega
1
110
Construyendo arquitecturas zero trust sobre entornos cloud
jmortega
1
65

Other Decks in Technology

See All in Technology
アクセシビリティを考慮したUI/CSSフレームワーク・ライブラリ選定
yajihum
2
1k
MapLibreとAmazon Location Service
dayjournal
1
160
自己改善からチームを動かす! 「セルフエンジニアリングマネージャー」のすゝめ
shoota
6
790
どうするコスト最適化のトレードオフ
tetsuyaooooo
1
530
JSON攻略法.pdf
miyakemito
8
5.1k
EMとして2023年度に頑張ったこと / What we did well in FY2023 as a EM
pauli
1
170
Cloud Native Java with Spring Boot (CNCF Aarhus, April 2024)
thomasvitale
1
180
FrontDoorとWebAppsを組み合わせた際のリダイレクト処理の注意点
kenichirokimura
1
530
競技としてのKaggle、役に立つKaggle
yu4u
3
1.9k
VS CodeでAWSを操作しよう
smt7174
8
1.7k
Building Dashboards as a Hobby
egmc
0
230
DMM.com アルファ室採用案内資料
hsugita
1
160

Featured

See All Featured
Design by the Numbers
sachag
274
18k
What's new in Ruby 2.0
geeforr
337
31k
The World Runs on Bad Software
bkeepers
PRO
61
6.7k
[RailsConf 2023] Rails as a piece of cake
palkan
23
4k
StorybookのUI Testing Handbookを読んだ
zakiyama
13
4.6k
jQuery: Nuts, Bolts and Bling
dougneiner
59
7.1k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
25
2.3k
Into the Great Unknown - MozCon
thekraken
10
1k
How To Stay Up To Date on Web Technology
chriscoyier
782
250k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
14
1.6k
Making Projects Easy
brettharned
108
5.5k
Why Our Code Smells
bkeepers
PRO
331
56k

Transcript

  1. October 17, 2018 Common Vulnerabilities & Exposures (CVE) In Docker

    Containers José Manuel Ortega @jmortegac

  2. October 17, 2018 October 17, 2018 • Dockes images •

    Docker CVE and container threats • Container images scanning tools • NVD vulnerabilities & Vulners Agenda

  3. October 17, 2018 October 17, 2018

  4. October 17, 2018 October 17, 2018

  5. October 17, 2018 October 17, 2018 • Checking the software

    packages, binaries, libraries, operative system files, against one or more well known vulnerabilities databases. • Analyzing the Dockerfile and image metadata to detect security sensitive configurations • User defined policies like software packages blacklists, base images whitelists. Container image scanning

  6. October 17, 2018 October 17, 2018

  7. October 17, 2018 October 17, 2018 Docker CVE https://www.docker.com/docker-cve-database

  8. October 17, 2018 October 17, 2018 https://www.saucs.com/cve?vendor=docker

  9. October 17, 2018 October 17, 2018 https://www.cvedetails.com/product/28125/Docker-Docker.html?vendor_id=13534

  10. October 17, 2018 October 17, 2018

  11. October 17, 2018 October 17, 2018 • The Dirty Cow

    exploit on the Linux kernel allowing root privilege escalation on a host or container. • OpenSSL heap corruption caused by malformed key header and a crash caused by the presence of a specific extension. • Buffer overflow in Ruby and Python libraries allowing execution of malicious code. • Vulnerabilities like the glibc stack-based buffer overflow • SQL injection attacks that put hackers in control of a database container in order to steal data Container threats

  12. October 17, 2018 October 17, 2018

  13. October 17, 2018 October 17, 2018

  14. October 17, 2018 October 17, 2018

  15. October 17, 2018 October 17, 2018

  16. October 17, 2018 October 17, 2018 CVSS = Impact ×

    Exploitability

  17. October 17, 2018 October 17, 2018

  18. October 17, 2018 October 17, 2018 DirtyCow https://security-tracker.debian.org/tracker/CVE-2016-5195

  19. October 17, 2018 October 17, 2018 DirtyCow https://security-tracker.debian.org/tracker/CVE-2016-5195

  20. October 17, 2018 October 17, 2018 DirtyCow https://github.com/gebl/dirtycow-docker-vdso

  21. October 17, 2018 October 17, 2018 DirtyCow dockerfile

  22. October 17, 2018 October 17, 2018 DirtyCow execution

  23. October 17, 2018 October 17, 2018 Prevent DirtyCow with apparmor

  24. October 17, 2018 October 17, 2018 Jack-in-the-Box" Vulnerability When Unpacking

    Images (CVE-2018-8115) • Patched in Community version (Docker CE 18.03.1 and Docker CE 17.05.0-rc1) • https://github.com/aquasecurity/scan-cve-2 018-8115

  25. October 17, 2018 October 17, 2018 https://github.com/aquasecurity/scan-cve-2018-8115/blob/master/ verify.py

  26. October 17, 2018 October 17, 2018 Most vulnerable packages

  27. October 17, 2018 October 17, 2018 • CoreOS/Clair(Ubuntu CVE Tracker

    Debian Security Bug Tracker, Red Hat Security Data) • Anchore Engine • Dagda Container image scanning open-source tools

  28. October 17, 2018 October 17, 2018

  29. October 17, 2018 October 17, 2018

  30. October 17, 2018 October 17, 2018 $ docker exec clair_clair

    analyzer <image_name>

  31. October 17, 2018 October 17, 2018 • Extract build, installed

    packages, and other system’s information • Scan images for known vulnerabilities with anchore CLI Anchore engine

  32. October 17, 2018 October 17, 2018 Anchore engine

  33. October 17, 2018 October 17, 2018 Anchore architecture

  34. October 17, 2018 October 17, 2018 Anchore navigator

  35. October 17, 2018 October 17, 2018 Anchore cli

  36. October 17, 2018 October 17, 2018 Anchore cli

  37. October 17, 2018 October 17, 2018

  38. October 17, 2018 October 17, 2018

  39. October 17, 2018 October 17, 2018

  40. October 17, 2018 October 17, 2018

  41. October 17, 2018 October 17, 2018

  42. October 17, 2018 October 17, 2018

  43. October 17, 2018 October 17, 2018

  44. October 17, 2018 October 17, 2018

  45. October 17, 2018 October 17, 2018 NVD vulnerabilities https://github.com/linxack/nvdparser

  46. October 17, 2018 October 17, 2018 NVD vulnerabilities

  47. October 17, 2018 October 17, 2018 Vulners

  48. October 17, 2018 October 17, 2018

  49. October 17, 2018 October 17, 2018 Vulners

  50. October 17, 2018 October 17, 2018

  51. October 17, 2018 October 17, 2018 Vulners

  52. October 17, 2018 October 17, 2018 Vulners

  53. October 17, 2018 October 17, 2018 Vulners

  54. October 17, 2018

  55. October 17, 2018 Thank You Supporters

  56. October 17, 2018 Meet me in the Slack channel for

    Q&A bit.ly/addo-slack