Security Hole Is Putting Many Containers in the Cloud at Risk

A serious security vulnerability dubbed Doomsday Docker has been discovered. If your business uses containers, here is what you need to know.

serious security vulnerability dubbed Doomsday Docker is putting containers at risk. Cybercriminals can exploit this hole to attack the system that hosts the container as well as all the other containers running on the host system. Most containers in the cloud are vulnerable.

The security hole lies in a command-line runtime tool called runC. Popular container platforms such as Docker and Kubernetes use this open-source tool to generate and run containers. “As far as container runtimes go, runC is used by just about every container engine out there,” according to one security expert.

To exploit this vulnerability, cybercriminals just need to place a malicious container within a container system. The vulnerability will allow that container to overwrite the host’s runC binary code, letting the hackers gain access to the host system and potentially all the other containers running on it. This is done with minimal interaction by the hackers.

Container platform providers are patching their software to fix the vulnerability. We can check to see if your provider has issued a patch and make sure it is installed.

Avatar

WAMS, Inc.

The experts at WAMS, Inc. all have a background in the legal industry and understand the software and the demands that come along with it. That’s why all our clients receive a dedicated account manager and engineer with specific planning that works for your business needs. We didn’t break into the tech world to pinch pennies from clients. We go into every partnership to help their business scale gracefully. Your company growth is our company growth, always.