Showing 1 - 12 of 12

CVE-2023-25173

Status Candidate

Overview

containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. Downstream applications that use the containerd client library may be affected as well. This bug has been fixed in containerd v1.6.18 and v.1.5.18. Users should update to these versions and recreate containers to resolve this issue. Users who rely on a downstream application that uses containerd's client library should check that application for a separate advisory and instructions. As a workaround, ensure that the `"USER $USERNAME"` Dockerfile instruction is not used. Instead, set the container entrypoint to a value similar to `ENTRYPOINT ["su", "-", "user"]` to allow `su` to properly set up supplementary groups.

Related Files

Gentoo Linux Security Advisory 202408-01: Posted Aug 6, 2024; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202408-1 - Multiple vulnerabilities have been discovered in containerd, the worst of which could lead to privilege escalation. Versions greater than or equal to 1.6.19 are affected.; tags | advisory, vulnerability; systems | linux, gentoo; advisories | CVE-2023-25153, CVE-2023-25173; SHA-256 | 0dbf3e639fff1a5ceb7ee6dff94afcdc6ec64756db833f8fe4546662af39043f; Download | Favorite | View

Red Hat Security Advisory 2023-5314-01: Posted Sep 21, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-5314-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.; tags | advisory, denial of service; systems | linux, redhat; advisories | CVE-2020-24736, CVE-2022-21698, CVE-2022-41723, CVE-2022-48281, CVE-2023-1667, CVE-2023-2253, CVE-2023-2283, CVE-2023-24532, CVE-2023-25173, CVE-2023-2602, CVE-2023-2603, CVE-2023-26604, CVE-2023-27536, CVE-2023-28321; SHA-256 | 8cf8572f470b3beefb5a0e9b9113eb0f47bd25024311177330838258f83c2573; Download | Favorite | View

Red Hat Security Advisory 2023-4671-01: Posted Aug 24, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-4671-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.30.; tags | advisory; systems | linux, redhat; advisories | CVE-2023-25173; SHA-256 | ed14c54c0dcb242c5472de4d8937781210cd32a78805d4c4caf4ca0fb8d98f2e; Download | Favorite | View

Red Hat Security Advisory 2023-4488-01: Posted Aug 7, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-4488-01 - Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers.; tags | advisory; systems | linux, redhat, windows; advisories | CVE-2020-24736, CVE-2022-27191, CVE-2022-30629, CVE-2022-35252, CVE-2022-36227, CVE-2022-43552, CVE-2023-0361, CVE-2023-1667, CVE-2023-2283, CVE-2023-25173, CVE-2023-26604, CVE-2023-27535; SHA-256 | 252acb6439c37d57d435d183f3aa4787523afbcaecc3e6fbfba5f267fd67ba49; Download | Favorite | View

Red Hat Security Advisory 2023-4226-01: Posted Jul 27, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-4226-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.6.; tags | advisory; systems | linux, redhat; advisories | CVE-2022-41723, CVE-2022-46663, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-1255, CVE-2023-1260, CVE-2023-24329, CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538, CVE-2023-24539, CVE-2023-25173; SHA-256 | ce4492864dcb382a006d5197438c039f97330f652c6c8aed7cc631262735dfe7; Download | Favorite | View

Red Hat Security Advisory 2023-4025-01: Posted Jul 18, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-4025-01 - Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers. Issues addressed include a bypass vulnerability.; tags | advisory, bypass; systems | linux, redhat, windows; advisories | CVE-2022-36227, CVE-2023-0361, CVE-2023-25173, CVE-2023-27535; SHA-256 | 44df9bd2f76286c5413fd65a278a9ce79e084219d6e99cacaf86f41a1b126c63; Download | Favorite | View

Ubuntu Security Notice USN-6202-1: Posted Jul 5, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6202-1 - David Korczynski and Adam Korczynski discovered that containerd incorrectly processed certain images with large files. An attacker could possibly use this issue to cause containerd to crash, resulting in a denial of service. It was discovered that containerd incorrectly set up supplementary groups inside a container. An attacker with direct access to the container could possibly use this issue to obtain sensitive information or execute code with higher privileges.; tags | advisory, denial of service; systems | linux, ubuntu; advisories | CVE-2023-25153, CVE-2023-25173; SHA-256 | e823ee1989c015b6a3a78bab272a96fe9d1b6c3c47bcc98a5f571ddfb1e8ba56; Download | Favorite | View

Red Hat Security Advisory 2023-3537-01: Posted Jun 15, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-3537-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.3.; tags | advisory; systems | linux, redhat; advisories | CVE-2022-41723, CVE-2023-25173, CVE-2023-26054; SHA-256 | 1be5005d772c89ecf209c65a2f808ab383266ecef2cd9954695556ccd7b0f997; Download | Favorite | View

Red Hat Security Advisory 2023-3450-01: Posted Jun 6, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-3450-01 - OpenShift Serverless 1.29.0 has been released. The References section contains CVE links providing detailed severity ratings for each vulnerability. Issues addressed include a denial of service vulnerability.; tags | advisory, denial of service; systems | linux, redhat; advisories | CVE-2022-41723, CVE-2022-41724, CVE-2022-41725, CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538, CVE-2023-25173; SHA-256 | da7236d0f2323c0684fbb3d6fc94e6e005e11ba6da118b55eaf878f9f6e2b5e0; Download | Favorite | View

Red Hat Security Advisory 2023-2029-01: Posted May 11, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-2029-01 - The OpenShift Security Profiles Operator v0.7.0 is now available. Issues addressed include a denial of service vulnerability.; tags | advisory, denial of service; systems | linux, redhat; advisories | CVE-2023-0475, CVE-2023-25173; SHA-256 | 008bf2df386754638ecc3c84d787cc47a38a29c366656c0ad077a162138cdb5c; Download | Favorite | View

Red Hat Security Advisory 2023-1372-01: Posted May 10, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-1372-01 - Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers. Issues addressed include a bypass vulnerability.; tags | advisory, bypass; systems | linux, redhat, windows; advisories | CVE-2022-41717, CVE-2023-25173; SHA-256 | 90f9e40ef64431731006b57dee187d9656b1f6d15df0e8be50a81f1dbbc854b9; Download | Favorite | View

Red Hat Security Advisory 2023-2107-01: Posted May 4, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-2107-01 - The Migration Toolkit for Containers (MTC) 1.7.9 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. Issues addressed include a denial of service vulnerability.; tags | advisory, denial of service; systems | linux, redhat; advisories | CVE-2022-41724, CVE-2022-41725, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0361, CVE-2023-23916, CVE-2023-25173, CVE-2023-28617; SHA-256 | 4e5916017cd2c38d0dbb46d07a4b6c5a15d545e4b934c30942abd25556065af8; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 294 files
Ubuntu 64 files
Debian 24 files
Apple 14 files
LiquidWorm 12 files
Gentoo 8 files
Google Security Research 4 files
Andrey Stoykov 3 files
Jann Horn 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,171)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,070)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,426)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,010)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

CVE-2023-25173

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems