In the packages buildah and podman, a vulnerability (cve-2024-1753) has been identified. This vulnerability can provide full access to the file system of the host operating system during the container assembly stage when launched with Root rights. On systems with Selinux enabled, access to the host FS is limited to read-only mode. Patches to address this vulnerability are available.
The vulnerability stems from the lack of verification for the existence of the source catalog in the root FS when mounting parts of the file system through the Mount –Bind command during the assembly at the Run stage. An attacker can exploit this by creating a symbolic link to the root FS in the container image’s initial catalog, allowing access to the host’s file system and enabling an exit from the container at the Buildah Build or Podman Build stage.
An example of a malicious Containerfile, when built with the command “Podman Build -f ~/Containerfile”, could result in accessing the contents of /etc/passwd on the host and creating files /bind_breakeout and /etc/bind_breakout2 on the host’s file system.