Coming mid-July
Cybrary Reimagined.
People first, Security first.
Coming mid-July.
Cybrary Reimagined.
Celebrate Cybersecurity Awareness Month with our buy 2, get 1 offer!
People first, Security first.
Valid until October 31. Elevate your skills today!
Start for free
Free

CVE Series: “Leaky Vessels” Container Breakout (CVE-2024-21626)

CVE-2024-21626 is a severe vulnerability affecting all versions of runc up to 1.1.11, a critical component utilized by Docker and other containerization technologies like Kubernetes. This vulnerability enables an attacker to escape from a container to the underlying host operating system. Put on your red team hat to exploit this vulnerability.

1
25
M
Time
Intermediate
difficulty
1
ceu/cpe

Course Content

Introduction to Docker FREE

5m

Introduction to Docker and runc
Exploiting the Vulnerability

5m

CVE-2024-26121 Exploitation
How To Remediate CVE-2024-21626

15m

CVE-2024-26121 Mitigation
Root Cause Analysis of CVE-2024-21626

0m

Introduction to Docker and runc
Lab - Exploiting CVE-2024-21626

30m

CVE-2024-26121 Exploitation
Identify a malicious dockerfile

30m

CVE-2024-26121 Mitigation
Course Description

CVE-2024-21626 is a severe vulnerability affecting all versions of runc up to 1.1.11, a critical component utilized by Docker and other containerization technologies like Kubernetes. This vulnerability enables an attacker to escape from a container to the underlying host operating system. Exploitation can occur either through executing a malicious image or building an image using a compromised Dockerfile or base image. Specifically, the vulnerability exploits the order of operations related to the WORKDIR directive in Dockerfiles, allowing an attacker to maintain access to privileged host directory file descriptors and thereby gain full access to the host's root filesystem. This potentially leads to unauthorized data access and system control, operating under the privileges of the containerization user, typically as the root user. In this course you’ll be putting on your red team hat to exploit this vulnerability.

Target Audience

This course is for seasoned red teamers, penetration testers, security and vulnerability assessment analysts, and system administrators who want to know how to exploit and protect against the latest vulnerabilities impacting enterprise systems.

Course Level

Intermediate

Prerequisites

Basic knowledge of Docker as well as functional knowledge of the Linux command line.

Helpful Links

  • CVE Entry: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21626 (Official CVE)
  • NIST Entry: https://nvd.nist.gov/vuln/detail/CVE-2024-21626
  • Security Advisory: https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv
  • Snyk Blog: https://snyk.io/blog/cve-2024-21626-runc-process-cwd-container-breakout/ and https://snyk.io/blog/leaky-vessels-docker-runc-container-breakout-vulnerabilities/
  • Exploits: https://github.com/NitroCao/CVE-2024-21626?tab=readme-ov-file
  • Red Hat Advisory: https://access.redhat.com/security/cve/cve-2024-21626
  • This course is part of a Career Path:
    No items found.

    Instructed by

    Senior Instructor
    Clint Kehr

    Clint is a technical manager for a financial services company’s Responsible Disclosure Team, where he interacts with ethical hackers who find vulnerabilities in the company’s infrastructure. Clint is a former Special Agent with the Department of Justice where he specialized in internet investigations and conducted numerous cases on cyber threat actors on the surface, deep, and dark web, resulting in Clint earning the Attorney General’s Distinguished Service Award. Clint has trained over 1,000 law enforcement officers, prosecutors, and civilians on the dark web and dark market websites. Clint has a master’s degree in intelligence studies from American Military University where he graduated with honors and also has a master’s degree in Information Technology from Carnegie Mellon University where he graduated with highest distinction. As a former Navy Reserve Officer, Clint served in many roles, such as a division officer and department head for commands in the information warfare community.

    Provider
    Cybrary Logo
    Certification Body
    Certificate of Completion

    Complete this entire course to earn a CVE Series: “Leaky Vessels” Container Breakout (CVE-2024-21626) Certificate of Completion