CVE-2018-1102

Impact:
Critical
Public Date:
2018-04-27
CWE:
CWE-20
Bugzilla:
1562246: CVE-2018-1102 source-to-image: improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go
A flaw was found in the source-to-image (S2I) build feature shipped with OpenShift Enterprise 3.x. Improper validation of the paths of tar file entries inside ExtractTarStreamFromTarReader in tar/tar.go allows privilege escalation.
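The defect class named above, tar entry names that are written to disk without being checked against the extraction directory, is easiest to see next to an extractor that performs the check. The Go program below is an added example written for this page; it is not S2I's code and not the fix Red Hat shipped. It builds two small tar archives in memory from constructed sample entries, extracts them with a containment check that refuses any entry resolving outside the destination, and returns what was written and which entry was rejected. All type and function names (safeJoin, extractTar, buildTar, runDemo) are the example's own.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// ErrUnsafePath marks an archive entry that would resolve outside dest.
var ErrUnsafePath = errors.New("tar entry resolves outside the destination directory")

// safeJoin joins an entry name onto dest and rejects the result if it escapes. Join
// cleans the path, so "../x" and "a/../../x" collapse before the prefix check, and
// an absolute name is anchored under dest rather than at the filesystem root.
func safeJoin(dest, name string) (string, error) {
	dest = filepath.Clean(dest)
	target := filepath.Join(dest, name)
	if target != dest && !strings.HasPrefix(target, dest+string(os.PathSeparator)) {
		return "", fmt.Errorf("%w: %q", ErrUnsafePath, name)
	}
	return target, nil
}

// extractTar writes the directories and regular files of a tar stream under dest,
// validating each name with safeJoin before touching the disk. Symlink, hard-link
// and device entries are skipped (see the note after the code). It returns the
// names written so far and the first error.
func extractTar(r io.Reader, dest string) ([]string, error) {
	tr := tar.NewReader(r)
	var written []string
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return written, nil
		} else if err != nil {
			return written, err
		}
		target, err := safeJoin(dest, hdr.Name)
		if err != nil {
			return written, err
		}
		switch hdr.Typeflag {
		case tar.TypeDir:
			err = os.MkdirAll(target, 0o755)
		case tar.TypeReg:
			if err = os.MkdirAll(filepath.Dir(target), 0o755); err == nil {
				err = writeFile(target, tr, os.FileMode(hdr.Mode)&0o777)
			}
		default:
			continue
		}
		if err != nil {
			return written, err
		}
		written = append(written, hdr.Name)
	}
}

// writeFile copies one entry body to target with the given permission bits.
func writeFile(target string, body io.Reader, mode os.FileMode) error {
	f, err := os.OpenFile(target, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, mode)
	if err != nil {
		return err
	}
	defer f.Close()
	_, err = io.Copy(f, body)
	return err
}

// tarEntry is one constructed archive member (a regular file).
type tarEntry struct{ name, body string }

// buildTar produces an in-memory archive from constructed sample entries.
func buildTar(entries []tarEntry) []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, e := range entries {
		hdr := &tar.Header{Name: e.name, Mode: 0o644, Typeflag: tar.TypeReg, Size: int64(len(e.body))}
		if err := tw.WriteHeader(hdr); err != nil {
			panic(err)
		}
		if _, err := tw.Write([]byte(e.body)); err != nil {
			panic(err)
		}
	}
	if err := tw.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

// runDemo extracts a well-formed archive and then one carrying a traversal entry
// into a temporary directory, returning the names written from the first archive
// and the error produced by the second.
func runDemo() (extracted []string, traversalErr error, err error) {
	dest, err := os.MkdirTemp("", "s2i-extract-demo-")
	if err != nil {
		return nil, nil, err
	}
	defer os.RemoveAll(dest)
	benign := buildTar([]tarEntry{{"app/main.go", "package main\n"}, {"app/README", "constructed sample\n"}})
	if extracted, err = extractTar(bytes.NewReader(benign), dest); err != nil {
		return nil, nil, err
	}
	// Second archive: one valid file, then the kind of entry the check must refuse.
	hostile := buildTar([]tarEntry{{"ok.txt", "inside\n"}, {"../escape.txt", "outside\n"}})
	_, traversalErr = extractTar(bytes.NewReader(hostile), dest)
	return extracted, traversalErr, nil
}

func main() {
	extracted, traversalErr, err := runDemo()
	fmt.Println("extracted:", extracted, "| rejected:", traversalErr, "| error:", err)
}
```

The check is lexical: it decides on the cleaned path string and never consults the filesystem. That is enough for plain files and directories, which is why symlink and hard-link entries are deliberately skipped here: a link created by an earlier entry can redirect a later write even when both names pass the string check, and an extractor that must honour links has to resolve the parent directory (for example with filepath.EvalSymlinks) before each write. Note also that rejection happens per entry, so members preceding the offending one have already been written; a build pipeline should treat any ErrUnsafePath as a failed build and discard the partial output.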

Find out more about CVE-2018-1102 from the MITRE CVE dictionary and NIST NVD.

CVSS v3 Score Breakdown

CVSS3 Base Score 9.9
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Changed
Confidentiality Impact High
Integrity Impact High
Availability Impact High

Red Hat Security Errata

| Platform | Errata | Release Date |
|---|---|---|
| Red Hat OpenShift Container Platform 3.5 (atomic-openshift) | RHSA-2018:1235 | 2018-04-30 |
| Red Hat OpenShift Container Platform 3.4 (atomic-openshift) | RHSA-2018:1237 | 2018-04-30 |
| Red Hat OpenShift Container Platform 3.6 (atomic-openshift) | RHSA-2018:1233 | 2018-04-30 |
| Red Hat OpenShift Container Platform 3.2 (atomic-openshift) | RHSA-2018:1241 | 2018-04-29 |
| Red Hat OpenShift Enterprise 3.1 (atomic-openshift) | RHSA-2018:1243 | 2018-04-29 |
| Red Hat OpenShift Container Platform 3.8 (atomic-openshift) | RHSA-2018:1229 | 2018-04-28 |
| Red Hat OpenShift Container Platform 3.9 (atomic-openshift) | RHSA-2018:1227 | 2018-04-28 |
| Red Hat OpenShift Container Platform 3.3 (atomic-openshift) | RHSA-2018:1239 | 2018-04-29 |
| Red Hat OpenShift Container Platform 3.7 (atomic-openshift) | RHSA-2018:1231 | 2018-04-29 |

Acknowledgements

Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.

Mitigation

Disabling the source-to-image (S2I) build strategy prevents access to the exploitable functionality. For instructions on disabling the S2I build strategy, refer to the product documentation below:

* Disabling S2I in OpenShift Enterprise 3.0 - https://docs.openshift.com/enterprise/3.0/admin_guide/securing_builds.html#disabling-a-build-strategy-globally
* Disabling S2I in OpenShift Enterprise 3.1 - https://docs.openshift.com/enterprise/3.1/admin_guide/securing_builds.html#disabling-a-build-strategy-globally
* Disabling S2I in OpenShift Enterprise 3.2 - https://docs.openshift.com/enterprise/3.2/admin_guide/securing_builds.html#disabling-a-build-strategy-globally
* Disabling S2I in OpenShift Enterprise 3.3 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.3/html/cluster_administration/admin-guide-securing-builds
* Disabling S2I in OpenShift Enterprise 3.4 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.4/html/cluster_administration/admin-guide-securing-builds
* Disabling S2I in OpenShift Enterprise 3.5 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.5/html/cluster_administration/admin-guide-securing-builds
* Disabling S2I in OpenShift Enterprise 3.6 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.6/html/cluster_administration/admin-guide-securing-builds
* Disabling S2I in OpenShift Enterprise 3.7 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.7/html/cluster_administration/admin-guide-securing-builds
* OpenShift Enterprise 3.8 is not a production version (only for upgrades).
* Disabling S2I in OpenShift Enterprise 3.9 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.9/html/cluster_administration/admin-guide-securing-builds
