Vulnerability CVE-2021-21284

Vulnerability Name:

CVE-2021-21284 (CCN-196047)

Assigned:

2020-12-22

Published:

2021-02-01

Updated:

2022-04-29

Summary:

In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using "--userns-remap", if the root user in the remapped namespace has access to the host filesystem they can modify files under "/var/lib/docker/<remapping>" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.

CVSS v3 Severity:

6.8 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N)
5.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Adjacent Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

8.0 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.0 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Adjacent Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

2.7 Low (CVSS v2 Vector: AV:A/AC:L/Au:S/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Adjacent_Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

7.7 High (CCN CVSS v2 Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Adjacent_Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-22
CWE-22

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2021-21284

Source: MISC
Type: Release Notes, Vendor Advisory
https://docs.docker.com/engine/release-notes/#20103

Source: XF
Type: UNKNOWN
docker-cve202121284-priv-esc(196047)

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/moby/moby/commit/64bd4485b3a66a597c02c95f5776395e540b2c7c

Source: MISC
Type: Release Notes, Third Party Advisory
https://github.com/moby/moby/releases/tag/v19.03.15

Source: MISC
Type: Release Notes, Third Party Advisory
https://github.com/moby/moby/releases/tag/v20.10.3

Source: CCN
Type: moby GIT Repository
Access to remapped root allows privilege escalation to real root

Source: CONFIRM
Type: Third Party Advisory
https://github.com/moby/moby/security/advisories/GHSA-7452-xqpj-6rpc

Source: GENTOO
Type: Patch, Third Party Advisory
GLSA-202107-23

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20210226-0005/

Source: DEBIAN
Type: Third Party Advisory
DSA-4865

Source: CCN
Type: IBM Security Bulletin 6427671 (API Connect)
IBM API Connect is impacted by vulnerabilities in Docker (CVE-2021-21285, CVE-2021-21284)

Source: CCN
Type: IBM Security Bulletin 6437021 (InfoSphere Information Server)
Vulnerabilities in Docker affects IBM InfoSphere Information Server

Source: CCN
Type: IBM Security Bulletin 6439521 (Cloud Pak System Software)
Vulnerabilities in Docker affect IBM Cloud Pak System

Source: CCN
Type: IBM Security Bulletin 6452959 (Spectrum Discover)
Vulnerabilities in the Python, Docker, and ICP affect IBM Spectrum Discover

Source: CCN
Type: IBM Security Bulletin 6455281 (Security Guardium)
IBM Security Guardium is affected by multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6466599 (Spectrum Protect Plus)
Vulnerabilities in MongoDB, Node.js, Docker, and XStream affect IBM Spectrum Protect Plus

Source: CCN
Type: IBM Security Bulletin 6486327 (Cloud Private)
IBM Cloud Private is vulnerable to Docker vulnerabilities (CVE-2021-21285, CVE-2021-21284)

Vulnerable Configuration:

Configuration 1:

cpe:/a:docker:docker:*:*:*:*:*:*:*:* (Version >= 20.0.0 and < 20.10.3)

OR cpe:/a:docker:docker:*:*:*:*:*:*:*:* (Version < 19.03.15)

Configuration 2:

cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* (Version >= 11.0.0 and <= 11.60.3)

Configuration CCN 1:

cpe:/a:docker:docker:19.03:*:*:*:*:*:*:*

AND

cpe:/a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_protect_plus:10.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:10.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:10.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:api_connect:2018.4.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_private:3.2.1:cd:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_private:3.2.2:cd:*:*:*:*:*:*

OR cpe:/a:ibm:api_connect:2018.4.1.13:*:*:*:*:*:*:*

OR cpe:/a:ibm:api_connect:10.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:api_connect:10.0.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium:11.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_protect_plus:10.1.8:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7853	P	docker-20.10.23_ce-150000.175.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:95287	P	Security update for permissions (Important)	2022-08-03
oval:org.opensuse.security:def:3794	P	Security update for the Linux Kernel (Important)	2022-07-21
oval:org.opensuse.security:def:93148	P	(Important)	2022-07-06
oval:org.opensuse.security:def:3799	P	sysstat-12.0.2-10.24.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3801	P	sysvinit-tools-2.88+-101.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3243	P	libpython3_6m1_0-3.6.8-2.13 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94710	P	libsoup-2_4-1-2.74.2-150400.1.6 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94873	P	docker-20.10.12_ce-159.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94715	P	libssh2-1-1.9.0-4.13.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:93301	P	(Moderate)	2022-06-02
oval:org.opensuse.security:def:6056	P	Security update for kernel-firmware (Moderate)	2022-05-25
oval:org.opensuse.security:def:99193	P	(Important)	2022-03-30
oval:org.opensuse.security:def:100097	P	(Important)	2022-03-14
oval:org.opensuse.security:def:102000	P	Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP3) (Critical)	2022-02-16
oval:org.opensuse.security:def:99478	P	(Important)	2022-01-25
oval:org.opensuse.security:def:112164	P	docker-20.10.6_ce-2.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:1295	P	Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP3) (Important)	2021-12-15
oval:org.opensuse.security:def:5935	P	Security update for gettext-runtime (Moderate)	2021-12-14
oval:org.opensuse.security:def:105698	P	docker-20.10.6_ce-2.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:99677	P	(Low)	2021-09-07
oval:org.opensuse.security:def:99985	P	(Moderate)	2021-08-23
oval:org.opensuse.security:def:101128	P	docker-19.03.15_ce-6.46.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62384	P	docker-19.03.15_ce-6.46.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:102196	P	Security update for qemu (Important)	2021-07-21
oval:org.opensuse.security:def:111579	P	Security update for containerd, docker, runc (Important)	2021-07-10
oval:org.opensuse.security:def:99388	P	(Critical)	2021-06-21
oval:org.opensuse.security:def:111437	P	Security update for containerd, docker, runc (Important)	2021-06-16
oval:org.opensuse.security:def:8782	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:91943	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:101423	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:69669	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:94384	P	(Important)	2021-06-11
oval:org.opensuse.security:def:108089	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:64883	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:97064	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:9346	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:92329	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:103019	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:70240	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:99088	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:93411	P	(Important)	2021-06-11
oval:org.opensuse.security:def:92727	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:93746	P	(Important)	2021-06-11
oval:org.opensuse.security:def:75896	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:93079	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:101678	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:9529	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:99646	P	(Important)	2021-06-11
oval:org.opensuse.security:def:70419	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:67145	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:94172	P	(Important)	2021-06-11
oval:org.opensuse.security:def:10100	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:100623	P	(Important)	2021-06-11
oval:org.opensuse.security:def:8977	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:92138	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:69868	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:108666	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:64890	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:98893	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:92528	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:99959	P	(Important)	2021-06-11
oval:org.opensuse.security:def:8603	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:69486	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:99279	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:93568	P	(Important)	2021-06-11
oval:org.opensuse.security:def:10279	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:92926	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:5739	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:117603	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:66828	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:93961	P	(Important)	2021-06-11
oval:org.opensuse.security:def:76213	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:93232	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:42090	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:9728	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:100294	P	(Important)	2021-06-11
oval:org.opensuse.security:def:101428	P	Security update for dtc (Low)	2021-05-13
oval:org.opensuse.security:def:20650	P	Security update for containerd, docker, runc (Important)	2021-04-30
oval:org.opensuse.security:def:49121	P	Security update for containerd, docker, runc (Important)	2021-04-30
oval:org.opensuse.security:def:20656	P	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (Important)	2021-02-12
oval:org.opensuse.security:def:49127	P	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (Important)	2021-02-12
oval:org.opensuse.security:def:111218	P	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (Important)	2021-02-12
oval:org.opensuse.security:def:93595	P	(Important)	2021-02-11
oval:org.opensuse.security:def:10388	P	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (Important)	2021-02-11
oval:org.opensuse.security:def:92995	P	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (Important)	2021-02-11
oval:org.opensuse.security:def:99786	P	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (Important)	2021-02-11
oval:org.opensuse.security:def:117608	P	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (Important)	2021-02-11
oval:org.opensuse.security:def:67024	P	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (Important)	2021-02-11
oval:org.opensuse.security:def:94005	P	(Important)	2021-02-11
oval:org.opensuse.security:def:9837	P	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (Important)	2021-02-11
oval:org.opensuse.security:def:100372	P	(Important)	2021-02-11
oval:org.opensuse.security:def:8887	P	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (Important)	2021-02-11
oval:org.opensuse.security:def:92048	P	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (Important)	2021-02-11
oval:org.opensuse.security:def:69778	P	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (Important)	2021-02-11
oval:org.opensuse.security:def:94427	P	(Important)	2021-02-11
oval:org.opensuse.security:def:108094	P	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (Important)	2021-02-11
oval:org.opensuse.security:def:64888	P	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (Important)	2021-02-11
oval:org.opensuse.security:def:95483	P	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (Important)	2021-02-11
oval:org.opensuse.security:def:97212	P	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (Important)	2021-02-11
oval:org.opensuse.security:def:92438	P	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (Important)	2021-02-11
oval:org.opensuse.security:def:93439	P	(Important)	2021-02-11
oval:org.opensuse.security:def:92836	P	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (Important)	2021-02-11
oval:org.opensuse.security:def:99587	P	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (Important)	2021-02-11
oval:org.opensuse.security:def:93790	P	(Important)	2021-02-11
oval:org.opensuse.security:def:76092	P	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (Important)	2021-02-11
oval:org.opensuse.security:def:9638	P	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (Important)	2021-02-11
oval:org.opensuse.security:def:70528	P	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (Important)	2021-02-11
oval:org.opensuse.security:def:94216	P	(Important)	2021-02-11
oval:org.opensuse.security:def:100706	P	(Important)	2021-02-11
oval:org.opensuse.security:def:9082	P	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (Important)	2021-02-11
oval:org.opensuse.security:def:92243	P	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (Important)	2021-02-11
oval:org.opensuse.security:def:69977	P	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (Important)	2021-02-11
oval:org.opensuse.security:def:108862	P	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (Important)	2021-02-11
oval:org.opensuse.security:def:98998	P	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (Important)	2021-02-11
oval:org.opensuse.security:def:92637	P	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (Important)	2021-02-11

BACK