A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation.
Find out more about CVE-2018-1102 from the MITRE CVE dictionary dictionary and NIST NVD.
Package source-to-image as shipped in Red Hat Software Collections has been rated as Important, because it allows an attacker to get access to the victim's machine, but it requires user interaction.
| CVSS3 Base Score | 9.9 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Changed |
| Confidentiality | High |
| Integrity Impact | High |
| Availability Impact | High |
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat OpenShift Container Platform 3.5 (atomic-openshift) | RHSA-2018:1235 | 2018-04-30 |
| Red Hat OpenShift Container Platform 3.4 (atomic-openshift) | RHSA-2018:1237 | 2018-04-30 |
| Red Hat OpenShift Container Platform 3.6 (atomic-openshift) | RHSA-2018:1233 | 2018-04-30 |
| Red Hat OpenShift Container Platform 3.2 (atomic-openshift) | RHSA-2018:1241 | 2018-04-29 |
| Red Hat OpenShift Enterprise 3.1 (atomic-openshift) | RHSA-2018:1243 | 2018-04-29 |
| Red Hat OpenShift Container Platform 3.8 (atomic-openshift) | RHSA-2018:1229 | 2018-04-28 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 (source-to-image) | RHSA-2019:0036 | 2019-01-08 |
| Red Hat OpenShift Container Platform 3.9 (atomic-openshift) | RHSA-2018:1227 | 2018-04-28 |
| Red Hat OpenShift Container Platform 3.3 (atomic-openshift) | RHSA-2018:1239 | 2018-04-29 |
| Red Hat OpenShift Container Platform 3.7 (atomic-openshift) | RHSA-2018:1231 | 2018-04-29 |
Customers can turn off the source-to-image (S2I) build strategy to prevent access to the exploitable function. Information about how to disable the source-to-image build strategy is in the product documentation.
* Disabling S2I in OpenShift Enterprise 3.0 - https://docs.openshift.com/enterprise/3.0/admin_guide/securing_builds.html#disabling-a-build-strategy-globally
* Disabling S2I in OpenShift Enterprise 3.1 - https://docs.openshift.com/enterprise/3.1/admin_guide/securing_builds.html#disabling-a-build-strategy-globally
* Disabling S2I in OpenShift Enterprise 3.2 - https://docs.openshift.com/enterprise/3.2/admin_guide/securing_builds.html#disabling-a-build-strategy-globally
* Disabling S2I in OpenShift Enterprise 3.3 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.3/html/cluster_administration/admin-guide-securing-builds
* Disabling S2I in OpenShift Enterprise 3.4 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.4/html/cluster_administration/admin-guide-securing-builds
* Disabling S2I in OpenShift Enterprise 3.5 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.5/html/cluster_administration/admin-guide-securing-builds
* Disabling S2I in OpenShift Enterprise 3.6 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.6/html/cluster_administration/admin-guide-securing-builds
* Disabling S2I in OpenShift Enterprise 3.7 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.7/html/cluster_administration/admin-guide-securing-builds
* OpenShift Enterprise 3.8 is not a production version (only for upgrades).
* Disabling S2I in OpenShift Enterprise 3.9 - https://access.redhat.com/documentation/en-us/openshift_container_platform/3.9/html/cluster_administration/admin-guide-securing-builds
Vulmon