postgis / docker-postgis

Docker image for PostGIS
https://hub.docker.com/r/postgis/postgis/
MIT License

postgis:14-master has malware kdevtmpfsi vulnerability #374

Closed. manuelep closed this 8 months ago

manuelep commented 8 months ago

It seems the image of version 14 is affected by this vulnerability: https://github.com/docker-library/postgres/issues/817

ImreSamu commented 8 months ago

it seems ...

Ouch ...

I don't find any malware:

docker pull postgis/postgis:14-master
docker run -it --rm  postgis/postgis:14-master bash -c "find / -name kdevtmpfsi"

IMHO: It is not recommended to run the postgis/postgis and upstream docker postgres images with an open port 5432 in the cloud using a simple password, as they are vulnerable. A brief security warning is also included in the readme.

For guidance on how to handle this situation and secure your Docker image, please refer to the recommendations provided in this discussion:
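The two checks ImreSamu describes above (look for a kdevtmpfsi file or process inside the container, and do not publish 5432 to every interface behind a weak password) as an added POSIX shell script. This is example code, not from the docker-postgis project; the container names and listings are constructed, and the functions take listing text so they can be run against saved output as well as live `docker` commands.

```shell
#!/usr/bin/env sh
# Added example (not docker-postgis project code). Two defender checks
# derived from the issue thread:
#  1. which containers publish PostgreSQL's 5432 on all interfaces
#  2. whether a process or file named kdevtmpfsi exists in a container

# flag_exposed_5432 reads lines formatted as
#   docker ps --format '{{.Names}} {{.Ports}}'
# and prints the names of containers whose 5432 is bound to 0.0.0.0 or [::].
# A binding to 127.0.0.1 is not reported.
flag_exposed_5432() {
    printf '%s\n' "$1" | awk '
        /(0\.0\.0\.0|\[::\]):[0-9]+->5432\/tcp/ { print $1 }'
}

# flag_kdevtmpfsi reads either `ps -eo comm=` output (one process name per
# line) or `find / -name kdevtmpfsi` output (paths) and returns 0 if the
# name appears anywhere, 1 otherwise.
flag_kdevtmpfsi() {
    printf '%s\n' "$1" | grep -Eq '(^|/)kdevtmpfsi$'
}

# Constructed sample of `docker ps` output: two containers exposed to the
# world, one bound to localhost only.
SAMPLE_PS='db-prod 0.0.0.0:5432->5432/tcp, [::]:5432->5432/tcp
db-dev 127.0.0.1:5433->5432/tcp
geo [::]:15432->5432/tcp'

# Constructed process listing from a clean container.
SAMPLE_PROCS_CLEAN='postgres
postgres
bash'

# Live usage (needs docker; CONTAINER is a placeholder):
#   flag_exposed_5432 "$(docker ps --format '{{.Names}} {{.Ports}}')"
#   flag_kdevtmpfsi "$(docker exec CONTAINER ps -eo comm=)"
#   flag_kdevtmpfsi "$(docker exec CONTAINER find / -name kdevtmpfsi 2>/dev/null)"
```

Run against the constructed samples, the first check reports db-prod and geo, and the second reports nothing for the clean listing.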

manuelep commented 8 months ago

Yes, I closed the issue since I found that the problem was related to bad su password management... Sorry! Thanks a lot!

(Sent by email on 10 January 2024 at 18:21:30 CET, in reply to ImreSamu's comment above.)