8/10/17

Rancher Server Docker Exploit

Using Rancher Server, an attacker can create a Docker container with the '/' path mounted with read/write permissions on the host server that is running the Docker container. Because the Docker container executes commands as uid 0, this is honored by the host operating system, allowing the attacker to edit/create files owned by root. This exploit abuses this to create a cron job in the '/etc/cron.d/' path of the host server. The Docker image should exist on the target system or be a valid image from hub.docker.com. Use `check` with verbose mode to get a list of exploitable Rancher Hosts managed by the target system.


https://packetstormsecurity.com/files/144539/Rancher-Server-Docker-Exploit.html
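For defenders, the condition described above (a uid 0 container with the host's '/' bind-mounted read/write) can be audited from the JSON array that `docker inspect` prints. The following is an added example, not part of the original post or of the exploit module; the sample data is constructed, and the sensitive paths other than '/' and '/etc/cron.d' are assumptions of this example.

```python
import json

# Host paths whose writable bind mount lets a root container alter the host.
# "/" and "/etc/cron.d" come from the description above; "/etc" is an
# assumption added for this example.
SENSITIVE_SOURCES = ("/", "/etc", "/etc/cron.d")

def runs_as_root(container):
    """True when Config.User is empty, "root" or uid 0 (Docker defaults to uid 0)."""
    user = (container.get("Config", {}).get("User") or "").split(":")[0]
    return user in ("", "root", "0")

def risky_mounts(container):
    """Return (source, destination) for writable bind mounts of sensitive host paths."""
    hits = []
    for m in container.get("Mounts", []):
        if m.get("Type") != "bind" or not m.get("RW", False):
            continue  # named volumes and read-only mounts are out of scope here
        src = m.get("Source", "").rstrip("/") or "/"
        if src in SENSITIVE_SOURCES:
            hits.append((src, m.get("Destination", "")))
    return hits

def audit(inspect_json):
    """Map container name -> risky mounts, for containers that also run as root."""
    report = {}
    for c in json.loads(inspect_json):
        hits = risky_mounts(c)
        if hits and runs_as_root(c):
            report[c.get("Name", "?").lstrip("/")] = hits
    return report

# Constructed sample, trimmed to the fields the audit reads.
SAMPLE = json.dumps([
    {"Name": "/builder", "Config": {"User": ""},
     "Mounts": [{"Type": "bind", "Source": "/", "Destination": "/host", "RW": True}]},
    {"Name": "/metrics", "Config": {"User": ""},
     "Mounts": [{"Type": "bind", "Source": "/", "Destination": "/rootfs", "RW": False}]},
    {"Name": "/web", "Config": {"User": "1000:1000"},
     "Mounts": [{"Type": "volume", "Source": "/var/lib/docker/volumes/w/_data",
                 "Destination": "/data", "RW": True}]},
])

if __name__ == "__main__":
    for name, hits in audit(SAMPLE).items():
        print(name, hits)
```

On a Docker host, the same `audit` function can be given the output of `docker inspect` for the running containers instead of `SAMPLE`.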

1 comment:

xcom arashi said...

Did everything according to the instructions, but for some reason the program does not see the phone. Already changed both the port and the host, letting everything through the new one, and it still does not see. Rebooted, restarted... In general, everything was tried that was possible. Can the problem be in the provider? I already simply do not know.