"Jack-in-the-Box" Vulnerability When Unpacking Images (CVE-2018-8115)

"Jack-in-the-Box" Vulnerability When Unpacking Images (CVE-2018-8115)

Last week, Michael Hanselmann published details of a remote code execution vulnerability (CVE-2018-8115) that impacts Docker for Windows. As he described it: “Docker for Windows uses the Windows Host Compute Service Shim published and maintained by Microsoft. Its use of Go's “filepath.Join” function with unsanitized input allowed to create, remove and replace files in the host file system, leading to remote code execution…”

Michael has disclosed this to Microsoft (who maintain the shim), and they have issued a fix (hcsshim 0.6.10). Docker has also updated its Enterprise (latest patch releases of Docker EE 17.06) and Community editions (Docker CE 18.03.1 and Docker CE 17.05.0-rc1). So if you are running those versions, you’re protected against this CVE, and if not you should update your versions as soon as you can.

The “Jack-in-the-Box” of CVEs

Today, Michael published a POC with the details. The essence of the vulnerability is that in the “image pull” process, files from a malicious image can be extracted into any directory on the host file system. This happens as part of the image ‘unpacking’ process, where the code that process tar archive, joins the destination directory with the file path specified in an archive.

The vulnerability is that this file path is not sanitized - a file in the image can include directory traversal (e.x. ../../../), links etc. the destination file can be written to arbitrary location on victim’s host.

As to exploiting, a simple “docker pull” of specially crafted malicious image will do the trick. I want to emphasize this - one cannot ‘docker pull’ an image and then check whether it safe, it’s too late! By then, the proverbial Jack is out of the box.

Aqua tool to keep "Jack" in the box

To help the community stay safe, we at Aqua created an open-source tool that tests images as to whether they are clear of this vulnerability. You should use this if you have older versions and can’t, for some reason, upgrade them right now.

To do so, it downloads an image from a registry, without extracting it, and checks the tar archives for bad paths, links etc.

The project is available on GitHub: https://github.com/aquasecurity/scan-cve-2018-8115

This is what the output looks like:

[~] Fetching evil/image metadata...
[+] Checking layer bce2fbc256ea
[==================================================] 100%
[+] Checking layer cb1aafb71473
[==================================================] 100%
[+] Checking layer 782ba98a8cac
[==================================================] 100%
Found 5 malicious files
 Layer: 782ba98a8cac, File: ../../../../../../../../fromimage.txt
 Layer: 782ba98a8cac, File: Files\../../../../../../../../Users/All Users/Application Data/Start Menu/Programs/StartUp/evil.bat
 Layer: 782ba98a8cac, File: Files\../../../../../../../../Users/All Users/Application Data/Start Menu/Programs/StartUp/Files\script.bat
 Layer: 782ba98a8cac, File: Files\../../../../../../../Resume.txt
 Layer: 782ba98a8cac, File: Files\../../../../../../../Files\text.txt


Beyond the specific vulnerability, it’s an interesting concept that exploits the unpacking of images, something many users and tools do without giving it a second thought — including, ironically, vulnerability scanners!

Something we will continue to investigate in order to prevent it in the future.

Michael Cherny

Michael is the Chief Architect at Aqua. Michael has more than 20 years of experience in cyber security. Prior to joining Aqua, he has held senior security research positions at Microsoft, Aorato and Imperva. Michael is a regular speaker at security conferences, among them BlackHat Europe, RSA Europe and Virus Bulletin. He is a connoisseur of single malt Whisky, especially the peaty ones from Islay.