Charles Holmes, a security researcher at Atredis Partners, discovered a new vulnerability in Kubernetes that could allow an attacker to place a malicious container on a user’s workstation. This vulnerability affects Kubernetes’ kubectl command-line tool, which lets users copy files between containers and user machines. Researcher said,
“To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. “If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user”
The container scheduler Kubernetes has been popular with developers since it was established as cloud deployment. According to JetBrains, 29% of developers now use Kubernetes. Therefore, the emergence of loopholes will attract a lot of attention.
Joel Smith, a representative of the Kubernetes ProductSecurity Committee (Kubernetes Product Safety Council), linked the vulnerability to the CVE-2019-1002101 vulnerability, which was discovered in March of this year and also enables attackers to pass kubectl Embedding a malicious container, and initially solving this problem is not complete.
Joel Smith said that an attacker could embed malicious code in a container’s tar binaries, which might allow them to write files to any path on the user’s computer when calling kubectl, but the latest vulnerabilities could be improved by upgrading kubectl to 1.12. .9, 1.13.6 and 1.14.2 or higher to fix.