DC/OS Marathon UI Docker Privilege Escalation

Posted by deepcore on June 8, 2017 – 3:10 pm

Utilizing the DCOS Cluster’s Marathon UI, an attacker can create a docker container with the ‘/’ path mounted with read/write permissions on the host server that is running the docker container. As the docker container executes command as uid 0 it is honored by the host operating system allowing the attacker to edit/create files owed by root. This exploit abuses this to create a cron job in the ‘/etc/cron.d/’ path of the host server. Note that the docker image must be a valid docker image from hub.docker.com. Further more the docker container will only deploy if there are resources available in the DC/OS cluster.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Craft CMS 2.6 Cross Site Scripting / File Upload Xavier 2.4 SQL Injection »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

DC/OS Marathon UI Docker Privilege Escalation

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL