Practical Security Recommendations for Start-ups with Limited Budgets

Hi, my name is Alex, I’ve been an IT security professional since 2007 and I’ve recently entered the start-up world with my project In putting together this project, security has been a primary concern for me. This is both due to my background and the nature of the project, being a training platform for security professionals and enthusiasts alike. In my security career, I’ve been hired to assess countless web applications, cloud environments and computer networks for security vulnerabilities. In these assessments, it is always clear when security is ‘bolted on’ as a compliance requirement before releasing a product, or added at a later date in response to an incident. Start-ups have a rare opportunity to ‘bake’ security in at the start of a project, but this is often seen as an expensive endeavor. In this post, I aim to ease that fear and provide practical (and cheap) advice for start-ups who want to release a more secure product right from the start.

Continue reading...

Bugcrowd Big Bugs: BitBucket Pipelines Kata Containers Build Container Escape

Atlassian ran a project on Bugcrowd looking for bugs in their proposed implementation of Kata Containers within the Bitbucket Pipelines CI/CD environment.

Within the project, Researcher Alex Chapman (axjchapman) identified a vulnerability in Kata Containers which could allow processes running in the Kata VM to write to supposedly read-only volume mounts. Exploiting this vulnerability allowed a malicious build job to write semi-controlled data to arbitrary files on the host system as the root user.

This vulnerability was fixed by the Kata Containers team and assigned CVE-2020-28914.

Continue reading on

Daily Swig - Container security: Privilege escalation bug patched in Docker Engine

A vulnerability in a Docker Engine security feature potentially allowed attackers to escalate privileges from a remapped user to root.

“The two avenues of exploitation I found would allow writing of arbitrary files as the real root user” or seizing ownership of files previously accessible only by the root user, security researcher Alex Chapman, who unearthed the flaw, tells The Daily Swig.

Continue reading on

Moby - Access to remapped root allows privilege escalation to real root

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the –userns-remap option in which access to remapped root allows privilege escalation to real root. When using “–userns-remap”, if the root user in the remapped namespace has access to the host filesystem they can modify files under “/var/lib/docker/" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.

Continue reading on

Kata Containers `hostPath` file write

Bugcrowd bug report to a Private Program: Kata Containers was found to be vulnerable to an issue allowing Kata VMs to write to hostPath mount points which should have been read only. This issue was fixed in the Kata Containers project and assigned CVE-2020-28914.

Continue reading on

Kata Containers - Improper file permissions for read-only volumes

An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into a container as readonly, the file/directory is mounted as readOnly inside the container, but is still writable inside the guest. For a container breakout situation, a malicious guest can potentially modify or delete files/directories expected to be read-only.

Continue reading on