Online Courses
Container Security

Container Vulnerabilities 101


Last updated 8 months ago

Before we begin, it's important to recap some of the things learned in the Intro to Containerisation room. First, let's recall that containers are isolated and have minimal environments. The picture below depicts the environment of a container.

Some important things to note are:

Just because you have access (i.e. a foothold) to a container, it does not mean you have access to the host operating system and associated files or other containers.

Due to the minimal nature of containers (i.e. they only have the tools specified by the developer), you are unlikely to find fundamental tools such as Netcat, Wget or even Bash! This makes interacting within a container quite difficult for an attacker.

What Sort of Vulnerabilities Can We Expect To Find in Docker Containers?

While Docker containers are designed to isolate applications from one another, they can still be vulnerable. For example, an application's hard-coded passwords can still be present inside the container. If an attacker gains access through a vulnerable web application, they will be able to find these credentials. You can see an example of a web application containing hard-coded credentials to a database server in the code snippet below:

<?php
/** Database hostname */
define( 'DB_HOST', 'localhost' );

/** Database name */
define( 'DB_NAME', 'sales' );

/** Database username */
define( 'DB_USER', 'production' );

/** Database password (hard-coded in the image: anyone with a foothold in the container can read it) */
define( 'DB_PASSWORD', 'SuperstrongPassword321!' );

This, of course, isn't the only vulnerability that can be exploited in containers. The other potential attack vectors have been listed in the table below.

Vulnerability | Description

Misconfigured Containers | Misconfigured containers will have privileges that are not necessary for the operation of the container. For example, a container running in "privileged" mode will have access to the host operating system - removing the layers of isolation.

Vulnerable Images | There have been numerous incidents of popular Docker images being backdoored to perform malicious actions such as crypto mining.

Network Connectivity | A container that is not correctly networked can be exposed to the internet. For example, a database container for a web application should only be accessible to the web application container - not the internet. Additionally, containers can also serve as a method of lateral movement: once an attacker has access to a container, they may be able to interact with other containers on the host that are not exposed to the network.
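The misconfiguration and network-exposure rows above can be checked from the output of `docker inspect`. The following audit is an added example written for this page, not code from the course; it reads the real `HostConfig.Privileged`, `HostConfig.PortBindings` and `HostConfig.Binds` fields, the list of backend ports is an assumption to adapt to your environment, and the two container records are constructed samples.

```python
import json

# Constructed sample in the shape of `docker inspect <container>` output;
# only the fields the audit reads are included.
SAMPLE_INSPECT = json.dumps([
    {
        "Name": "/sales-db",
        "Config": {"Image": "mysql:8.0"},
        "HostConfig": {
            "Privileged": True,
            "PortBindings": {"3306/tcp": [{"HostIp": "0.0.0.0", "HostPort": "3306"}]},
            "Binds": ["/var/run/docker.sock:/var/run/docker.sock"],
        },
    },
    {
        "Name": "/sales-web",
        "Config": {"Image": "sales-web:1.4"},
        "HostConfig": {
            "Privileged": False,
            "PortBindings": {"443/tcp": [{"HostIp": "0.0.0.0", "HostPort": "443"}]},
            "Binds": [],
        },
    },
])

# Ports of backend services (database, cache) that should only be reachable
# from the application container, never from a public host interface.
# Assumption: extend this set for your own environment.
BACKEND_PORTS = {"3306", "5432", "6379", "27017"}


def audit_container(record: dict) -> list[str]:
    """Return the findings for one `docker inspect` record."""
    findings = []
    host = record.get("HostConfig", {})
    if host.get("Privileged"):
        findings.append("privileged mode: isolation from the host is removed")
    for port, bindings in (host.get("PortBindings") or {}).items():
        number = port.split("/")[0]
        for b in bindings or []:
            if number in BACKEND_PORTS and b.get("HostIp") in ("", "0.0.0.0", "::"):
                findings.append(f"backend port {port} bound to all host interfaces")
    for bind in host.get("Binds") or []:
        if bind.split(":")[0] == "/var/run/docker.sock":
            findings.append("Docker socket mounted: container can control the daemon")
    return findings


def audit_inspect_output(raw_json: str) -> dict[str, list[str]]:
    """Audit every container record in `docker inspect` JSON output."""
    return {r["Name"].lstrip("/"): audit_container(r) for r in json.loads(raw_json)}


if __name__ == "__main__":
    for name, findings in audit_inspect_output(SAMPLE_INSPECT).items():
        print(name, "->", findings or ["no findings"])
```

Run it against real output with `docker inspect $(docker ps -q)` piped into `audit_inspect_output`; the sample database container above produces three findings and the web container none.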