Home > Cyber News > CVE-2019-5021: Bug in Official Docker Images Based on Alpine Linux

CVE-2019-5021: Bug in Official Docker Images Based on Alpine Linux

CVE-2019-5021 is a vulnerability in the Official Docker images based on the Alpine Linux distro. The flaw has been there for at least three years, allowing logging into the root account via a blank password.

The bug was initially discovered and patched in 2015 in in build 3.2 of Alpine Linux Docker image, when regression tests were included to prevent future exploits. However, a new commit was pushed later the same year meant to simplify regression tests, and here’s where things went wrong.

What is CVE-2019-5021 all about?

According to the official description, versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. The flaw is most likely a result of a regression introduced in December of 2015.

Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container which utilize Linux PAM, or some other mechanism which uses the system shadow file as an authentication database, may accept a NULL password for the `root` user, the official advisory says.

Related: [wplinkpreview url=”https://sensorstechforum.com/cve-2018-14634-linux-mutagen-astronomy-vulnerability-affects-rhel-cent-os-distros/”] CVE-2018-14634: Linux Mutagen Astronomy Vulnerability Affects RHEL and Cent OS Distros.

The problem was rediscovered by Peter Adkins of Cisco Umbrella earlier this year. The issue should not be overlooked as the official Alpine Linux Docker image has over 10 million downloads.

What is the mitigation?

The root account should be explicitly disabled in Docker images built using affected versions as a base, says Cisco Talos. A successful exploit of the vulnerability is dependent on the environment and requires the exposed service to utilize Linux RAM or another mechanism that uses the system shadow file as an authentication database.

In addition, supported builds have been updated and are “now only generated from upstream minirootfs tarballs,” as revealed by a commit from Natanael Copa, the creator of Alpine Linux. Release and update scripts have been refactored and moved to the official Alpine Linux image repository on the Docker portal, researchers said.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree