CVE-2021-41103: Insufficiently restricted permissions on container root and plugin directories #2583

Closed
miwithro opened this issue Oct 4, 2021 · 2 comments

Comments

Contributor

miwithro commented Oct 4, 2021

Impact

A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files.

AKS Information:

Patched containerd to reduce directory permissions. AKS versions 1.21 and below will now be running 1.4.9. AKS versions 1.22 and above will stay with 1.5.5, only a same-version revision.

To get the patch, ensure you upgrade to at least the 2021-09-28 VHD.
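
Added example, not part of the original issue or of containerd's code: a Python audit that walks a directory tree the way an unprivileged "other" user could traverse it and reports what the Impact section describes as exposed, namely setuid/setgid files and files owned by a colliding host UID. The function name, the `root` path you pass in and the `host_uids` set are assumptions; run it as root so the walk itself can read every directory, and note it assumes the parents of `root` are already traversable.

```python
import os
import stat


def reachable_exposures(root, host_uids=()):
    """Walk `root` following only directories that "other" users can enter.

    Returns (setid_files, uid_collisions): regular files with setuid/setgid
    bits, and regular files owned by one of `host_uids`, that sit behind an
    unbroken chain of o+x directories starting at `root`.
    """
    setid_files, uid_collisions = [], []
    # If the top directory denies o+x, nothing beneath it is reachable.
    # This is the effect of tightening the container root directory mode.
    if not os.lstat(root).st_mode & stat.S_IXOTH:
        return setid_files, uid_collisions
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        # Prune subdirectories an unprivileged user cannot traverse.
        dirnames[:] = [
            d for d in dirnames
            if os.lstat(os.path.join(dirpath, d)).st_mode & stat.S_IXOTH
        ]
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, devices, sockets
            if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                setid_files.append(path)
            if st.st_uid in host_uids:
                uid_collisions.append(path)
    return setid_files, uid_collisions


if __name__ == "__main__":
    import sys
    # Usage: script.py <directory> [uid ...]; both are supplied by the operator.
    found_setid, found_owned = reachable_exposures(
        sys.argv[1], {int(u) for u in sys.argv[2:]}
    )
    for p in found_setid:
        print("setuid/setgid reachable:", p)
    for p in found_owned:
        print("owned by listed host UID:", p)
```

An empty result for a container root directory means the top-level mode already blocks traversal by other users, which is what the patched directory permissions are meant to achieve.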

@miwithro miwithro pinned this issue Oct 4, 2021
@miwithro miwithro unpinned this issue Nov 3, 2021
@ghost ghost added the stale Stale issue label Dec 4, 2021

ghost commented Dec 4, 2021

This issue has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs within 15 days of this comment.

@ghost ghost closed this as completed Dec 11, 2021

ghost commented Dec 11, 2021

This issue will now be closed because it hasn't had any activity for 7 days after stale. miwithro, feel free to comment again within the next 7 days to reopen, or open a new issue after that time if you still have a question/issue or suggestion.

@Azure Azure locked as resolved and limited conversation to collaborators Jan 10, 2022
This issue was closed.