
Common Vulnerabilities & Exposures (CVE) In Docker Containers

jmortegac
October 17, 2018


CVEs are the standard source for vulnerability details and descriptions. Security professionals use CVEs to understand vulnerabilities and what can be done to prevent them. Securing application containers requires a security strategy that includes analyzing and auditing Docker images layer by layer.

Transcript

  1. October 17, 2018. Common Vulnerabilities & Exposures (CVE) In Docker Containers. José Manuel Ortega, @jmortegac
  2. Agenda: Docker images; Docker CVE and container threats; container image scanning tools; NVD vulnerabilities & Vulners
  5. Container image scanning: checking the software packages, binaries, libraries and operating-system files against one or more well-known vulnerability databases; analyzing the Dockerfile and image metadata to detect security-sensitive configurations; user-defined policies such as software package blacklists and base image whitelists.
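The second and third bullets above (Dockerfile analysis plus user-defined whitelist/blacklist policies) as a small policy checker. This is an added example, not code from the deck or from any of the scanners it lists; the whitelist, blacklist and the sample Dockerfile are constructed values.

```python
import re

# Constructed example policies (illustrative values, not from the deck).
BASE_IMAGE_WHITELIST = {"debian", "alpine", "ubuntu"}
PACKAGE_BLACKLIST = {"telnet", "netcat"}

# Constructed sample Dockerfile embedded inline so the script runs offline.
SAMPLE_DOCKERFILE = """\
FROM ubuntu:latest
RUN apt-get update && apt-get install -y \\
    curl telnet
ENV DB_PASSWORD=hunter2
EXPOSE 22
"""


def _logical_lines(text):
    """Join backslash-continued lines; drop comments and blank lines."""
    joined = re.sub(r"\\\n", " ", text)
    return [l.strip() for l in joined.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]


def check_dockerfile(text):
    """Return a list of (severity, message) findings for a Dockerfile."""
    findings = []
    has_user = False
    for line in _logical_lines(text):
        instr, _, args = line.partition(" ")
        instr = instr.upper()
        if instr == "FROM":
            # Registry ports (host:5000/img) are not handled in this example.
            image, _, tag = args.split()[0].partition(":")
            if image not in BASE_IMAGE_WHITELIST:
                findings.append(("high", f"base image '{image}' not in whitelist"))
            if tag in ("", "latest"):
                findings.append(("medium", "base image tag unpinned; CVE state changes between pulls"))
        elif instr == "RUN":
            for pkg in PACKAGE_BLACKLIST:
                if re.search(rf"\b{re.escape(pkg)}\b", args):
                    findings.append(("medium", f"blacklisted package '{pkg}' installed"))
        elif instr == "ENV" and re.search(r"(PASSWORD|SECRET|TOKEN)\w*=", args, re.I):
            findings.append(("high", "secret baked into image metadata via ENV"))
        elif instr == "EXPOSE" and "22" in args.split():
            findings.append(("low", "SSH port exposed from container"))
        elif instr == "USER":
            has_user = True
    if not has_user:
        findings.append(("medium", "no USER instruction; container runs as root"))
    return findings
```

Running `check_dockerfile(SAMPLE_DOCKERFILE)` reports five findings for the constructed file; a Dockerfile with a pinned whitelisted base and a USER instruction returns none.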
  7. Docker CVE: https://www.docker.com/docker-cve-database

  8. https://www.saucs.com/cve?vendor=docker

  9. https://www.cvedetails.com/product/28125/Docker-Docker.html?vendor_id=13534

  11. Container threats: the Dirty Cow exploit in the Linux kernel, allowing root privilege escalation on a host or container; OpenSSL heap corruption caused by a malformed key header, and a crash caused by the presence of a specific extension; buffer overflows in Ruby and Python libraries allowing execution of malicious code; vulnerabilities such as the glibc stack-based buffer overflow; SQL injection attacks that put attackers in control of a database container in order to steal data.
  16. CVSS = Impact × Exploitability
  18. DirtyCow: https://security-tracker.debian.org/tracker/CVE-2016-5195

  20. DirtyCow: https://github.com/gebl/dirtycow-docker-vdso

  21. DirtyCow Dockerfile

  22. DirtyCow execution

  23. Prevent DirtyCow with AppArmor

  24. "Jack-in-the-Box" vulnerability when unpacking images (CVE-2018-8115). Patched in the Community version (Docker CE 18.03.1 and Docker CE 17.05.0-rc1). https://github.com/aquasecurity/scan-cve-2018-8115
  25. https://github.com/aquasecurity/scan-cve-2018-8115/blob/master/verify.py

  26. Most vulnerable packages

  27. Container image scanning open-source tools: CoreOS/Clair (Ubuntu CVE Tracker, Debian Security Bug Tracker, Red Hat Security Data); Anchore Engine; Dagda
  30. $ docker exec clair_clair analyzer <image_name>
  31. Anchore Engine: extract build, installed packages and other system information; scan images for known vulnerabilities with the Anchore CLI
  32. Anchore Engine

  33. Anchore architecture

  34. Anchore Navigator

  35. Anchore CLI

  45. NVD vulnerabilities: https://github.com/linxack/nvdparser

  46. NVD vulnerabilities

  47. Vulners

  55. Thank You Supporters

  56. Meet me in the Slack channel for Q&A: bit.ly/addo-slack