
Docker Desktop contains a critical flaw that allows hackers to take control of Windows computers running the software using just a few HTTP requests.
Docker Desktop is still the most popular software for developers to run containers, which are packages that bundle apps and their dependencies, allowing for consistent execution across multiple platforms.
A new critical vulnerability has been identified in Docker Desktop, allowing hackers to escape container isolation and run code remotely by spinning up new containers or managing existing images. The vulnerability has a severity rating of 9.3 out of 10.
“This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without the ‘Expose daemon on tcp://localhost:2375 without TLS’ option enabled,” the description on the National Vulnerability Database reads.
“This can lead to execution of a wide range of privileged commands to the engine API, including controlling other containers, creating new ones, managing images etc.”
The flaw was discovered and detailed by a security researcher, Felix Boulet, who demonstrated that it allows attackers to escape Windows Docker Desktop and gain full access to the host. Hackers can mount the C: drive into their privileged container.
“The entire exploit takes two POST HTTP calls from inside any container,” the researcher explained.
In practice, attackers would need to have at least a small malicious program running in one of the Docker containers to exploit the flaw. It just needs to be able to send two simple requests to spin up a malicious container with the C: drive bound. Boulet shared the proof of concept code that can be executed from any container.
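A defender-side check for the post-exploitation state the article describes, added here as an example that is not from the article, the researchers or Docker: it parses `docker inspect` output (a constructed sample is embedded) and flags containers that are privileged or bind-mount the host's root drive. The host-root path spellings and the sample container names are assumptions for this example.

```python
import json
from typing import Any, Dict, List

# Constructed sample of `docker inspect` output (not real data): one benign
# container and one matching the state the article describes, a privileged
# container with the host's C: drive bind-mounted.
SAMPLE_INSPECT = json.dumps([
    {
        "Id": "aaaa1111aaaa1111",
        "Name": "/web-frontend",
        "HostConfig": {"Privileged": False},
        "Mounts": [{"Type": "volume", "Source": "app-data", "Destination": "/data"}],
    },
    {
        "Id": "bbbb2222bbbb2222",
        "Name": "/suspicious",
        "HostConfig": {"Privileged": True},
        "Mounts": [{"Type": "bind", "Source": "C:\\", "Destination": "/host_root"}],
    },
])

# Assumed spellings under which the host's root filesystem can appear as a bind
# source on Docker Desktop (Windows drive letter, or the VM-side mount points).
# "" is what "/" becomes after normalisation below.
HOST_ROOT_PATHS = {"", "c:", "/host_mnt/c", "/run/desktop/mnt/host/c"}


def is_host_root_mount(source: str) -> bool:
    """True if a bind-mount source is the whole host root / C: drive."""
    norm = source.strip().lower().replace("\\", "/").rstrip("/")
    return norm in HOST_ROOT_PATHS


def find_suspicious_containers(inspect_json: str) -> List[Dict[str, Any]]:
    """Return containers that are privileged or expose the host root drive."""
    findings = []
    for c in json.loads(inspect_json):
        reasons = []
        if c.get("HostConfig", {}).get("Privileged"):
            reasons.append("privileged")
        for m in c.get("Mounts") or []:
            if m.get("Type") == "bind" and is_host_root_mount(m.get("Source", "")):
                reasons.append(f"host root bind-mounted at {m.get('Destination')}")
        if reasons:
            findings.append({"id": c["Id"], "name": c.get("Name", "").lstrip("/"), "reasons": reasons})
    return findings


if __name__ == "__main__":
    # Usage: docker inspect $(docker ps -q) | python audit_containers.py
    import sys
    data = SAMPLE_INSPECT if sys.stdin.isatty() else sys.stdin.read()
    for f in find_suspicious_containers(data):
        print(f"{f['name']} ({f['id'][:12]}): {', '.join(f['reasons'])}")
```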
Docker has patched the flaw in the latest version, 4.44.3, acknowledging that a malicious container could access the Docker Engine and launch additional containers.
“If you're running Docker Desktop, go update it now,” Boulet warns.
Philippe Dugre, a security researcher who worked with Boulet, explains that Docker Desktop on macOS is vulnerable to a lesser extent, and Linux systems are not affected by the flaw.
“Most production systems run on Linux,” the researcher said.
Only a minority of developers run untrusted code on Docker on Windows or Macs.