sameersbn / docker-bind

Dockerize BIND DNS server with webmin for DNS administration
MIT License
919 stars 333 forks source link

Security Vuln: Auth'd RCE w/ escalation to root (Webmin 1.920) #84

Closed jmullentech closed 4 years ago

jmullentech commented 5 years ago

The version of Webmin packaged in this image (1.920) is vulnerable to CVE-2019-15642.

Put simply, a call to the unserialise_variable function (and an associated eval statement) via a specially crafted POST request allows the attacker to pass shell commands directly to the container which are executed as root.

I've attached two screenshots demonstrating the ability to obtain RCE and ultimately a fully interactive reverse shell on the Docker container.

I'd strongly recommend updating the image to contain the latest release of Webmin.

rooted01 rooted02

stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

WoosterInitiative commented 4 years ago

This has been marked stale, but it is still a real issue. There is an existing pull request to fix this and it should be addressed sooner rather than later.

jmullentech commented 4 years ago

Yeah this is still an issue. I'd recommend moving to another Docker image for a DNS solution. I was able to switch over to PiHole, added my own domain entries, etc. with a down time of about 30 seconds. Took all of 5 minutes. If @sameersbn can't even find the time to respond to issues, he's not gonna take the time to update his image.

TL'DR - Move on to something that's actually supported and doesn't have gaping security vulns. Not worth the risk, IMO.

noel-jackson commented 4 years ago

You could download the files, make the appropriate modifications and build it yourself. This way you can keep it up to date. You could even host your own registry and manage updates that way.

If that's outside of your wheelhouse then yes, do find another image/solution.

If you're not familiar with Dockerfile or docker-compose it is worth the effort.