Privilege escalation vulnerability patched in Docker Desktop for Windows

guest · May 22, 2020

Privilege escalation vulnerability patched in Docker Desktop for Windows
The security flaw could be used to trick the service into connecting to malicious processes
May 22, 2020
https://www.zdnet.com/article/privi...bility-patched-in-docker-desktop-for-windows/

A severe privilege escalation vulnerability has been patched in the Windows Docker Desktop Service.

On Friday, cybersecurity researchers from Pen Test Partners publicly disclosed the problem, a privilege escalation vulnerability buried in how the software uses pipes.
The vulnerability, tracked as CVE-2020-11492, was discovered after analyzing how Docker Desktop for Windows -- the primary service platform for Docker -- uses named pipes when communicating as a client to child processes.

According to the team, the software "can be tricked into connecting to a named pipe that has been set up by a malicious lower privilege process."
Click to expand...

Named pipes are able to impersonate the running client account which "allows the service to drop its credentials in favor of the connecting client," Pen Test Partner notes, and while this is a legitimate feature, in some cases, it can also be abused.

A day later, fixes were pushed to the Edge release of Docker and a CVE number was assigned. On May 11, Docker released version 2.3.0.2 which includes a patch for the vulnerability, involving the use of the SecurityIdentification impersonation level when connecting to the named pipes of spawned child processes.
Click to expand...

Pen Test Partners: Docker Desktop for Windows PrivEsc (CVE-2020-11492)

When initially disclosing, Docker denied that the vulnerability even existed. Their stance was that impersonation is a Windows feature and that we should speak to Microsoft.
After a few emails back and forth, then finally submitting a working PoC, Docker did agree that it was a security vulnerability and as such have now issued a fix.
Click to expand...

Log in or Sign up

Privilege escalation vulnerability patched in Docker Desktop for Windows

guest Guest

Log in or Sign up

Privilege escalation vulnerability patched in Docker Desktop for Windows

guest Guest

Useful Searches