Arbitrary code execution in centos template
Bug #1661447 reported by Gianni Tedesco
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
lxc (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
All the RPMs which get installed in an lxc-centos container are downloaded insecurely over http and then installed with yum --nogpgcheck. A man-in-the-middle attacker, web proxy admin, or whoever can use this to install arbitrary code into the container which will then get executed as root.
The GPG keys should probably be shipped as part of the package where they are covered by the root of trust for the host distro. Or at the very least, https should be used to fetch the RPMs.
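The two weaknesses in the report (packages fetched over plain http, signatures never checked) are also visible in the yum repository definitions a template leaves behind in the container. The following is an added example, not code from the lxc-centos template or from the LXC project: it audits a yum `.repo` file for those settings. The two repo definitions are constructed samples, the mirror hostname is made up, and the `RPM-GPG-KEY-CentOS-7` path is the conventional location for a locally shipped key; an absent `gpgcheck` is treated as disabled (a conservative assumption, since the effective default comes from `[main]` in yum.conf).

```python
"""Audit yum repository definitions for the two weaknesses described in the
report: package sources reachable only over plain http, and installation
without GPG signature verification.

Added example; not part of the lxc-centos template.
"""
import configparser
from urllib.parse import urlsplit

# Constructed sample reproducing the weak setup: http mirror, no gpgcheck.
WEAK_REPO = """
[base]
name=CentOS-$releasever - Base
baseurl=http://mirror.example.org/centos/$releasever/os/$basearch/
gpgcheck=0
"""

# Constructed sample of the hardened form: https source, gpgcheck on, and the
# signing key taken from a file shipped in the container (covered by the host
# distro's package signing) instead of fetched from the network.
HARDENED_REPO = """
[base]
name=CentOS-$releasever - Base
baseurl=https://mirror.example.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
"""

# Schemes through which fetching is acceptable: TLS, or a local file.
SAFE_SCHEMES = ("https", "file")


def audit_repo_config(text):
    """Return {repo_id: [findings]} for every repo in a .repo file.

    An empty findings list means the repo definition is acceptable.
    Disabled repos are reported with no findings, since yum ignores them.
    """
    cp = configparser.ConfigParser(interpolation=None)  # keep $releasever literal
    cp.read_string(text)
    report = {}
    for repo_id in cp.sections():
        repo = cp[repo_id]
        findings = []
        if repo.get("enabled", "1").strip() == "0":
            report[repo_id] = findings
            continue

        # baseurl/mirrorlist/metalink may each carry several whitespace-
        # separated URLs; every one of them is a place packages come from.
        urls = [
            url
            for key in ("baseurl", "mirrorlist", "metalink")
            for url in repo.get(key, "").split()
        ]
        if not urls:
            findings.append("no baseurl/mirrorlist/metalink configured")
        for url in urls:
            if urlsplit(url).scheme not in SAFE_SCHEMES:
                findings.append(f"package source not fetched over https: {url}")

        # Assumption: a missing gpgcheck is treated as disabled. The real
        # default is inherited from [main] in yum.conf, which is not audited here.
        if repo.get("gpgcheck", "0").strip() != "1":
            findings.append("gpgcheck disabled: packages installed without signature verification")
        else:
            key = repo.get("gpgkey", "").strip()
            if not key:
                findings.append("gpgcheck=1 but no gpgkey configured")
            elif urlsplit(key).scheme != "file":
                findings.append(f"gpgkey fetched from the network rather than shipped locally: {key}")
        report[repo_id] = findings
    return report


if __name__ == "__main__":
    for label, text in (("weak", WEAK_REPO), ("hardened", HARDENED_REPO)):
        for repo_id, findings in audit_repo_config(text).items():
            print(f"{label}/{repo_id}: {findings or 'OK'}")
```

Run against a container's `/etc/yum.repos.d/*.repo` this flags the weak definition on both counts and passes the hardened one. It only inspects configuration: a `--nogpgcheck` passed on the yum command line, as the report describes, overrides `gpgcheck=1` in any repo file, so the template's own yum invocation has to be checked separately.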
Thanks for the report, Gianni. I subscribed the LXC team for their feedback.