{"id":39762,"date":"2021-01-05T10:00:20","date_gmt":"2021-01-05T01:00:20","guid":{"rendered":"https:\/\/www.creationline.com\/?p=39762"},"modified":"2021-01-04T17:11:59","modified_gmt":"2021-01-04T08:11:59","slug":"cve-2020-15257%ef%bc%9a%e6%96%b0%e3%81%9f%e3%81%aa%e8%84%86%e5%bc%b1%e6%80%a7%e3%80%81containerd-shim-api-%e3%82%92%e6%82%aa%e7%94%a8-aqua-%e3%82%b3%e3%83%b3%e3%83%86%e3%83%8a-%e3%82%bb%e3%82%ad","status":"publish","type":"post","link":"https:\/\/www.creationline.com\/tech-blog\/cloudnative\/aquasecurity\/39762","title":{"rendered":"CVE-2020-15257\uff1a\u65b0\u305f\u306a\u8106\u5f31\u6027\u3001containerd-shim API \u3092\u60aa\u7528 #aqua #\u30b3\u30f3\u30c6\u30ca #\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 #\u8106\u5f31\u6027 #containerd #CVE-2020-15257"},"content":{"rendered":"<\/p>\n

\u672c\u30d6\u30ed\u30b0\u306f\u300cAqua Security\u300d\u793e\u306e\u6280\u8853\u30d6\u30ed\u30b0\u30672020\u5e7412\u670817\u65e5\u306b\u516c\u958b\u3055\u308c\u305f\u300c CVE-2020-15257: New Vulnerability Exploits containerd-shim API <\/a>\u300d\u306e\u65e5\u672c\u8a9e\u7ffb\u8a33\u3067\u3059\u3002<\/p>\n

\"\"<\/center><\/p>\n

CVE-2020-15257\uff1a\u65b0\u305f\u306a\u8106\u5f31\u6027\u3001containerd-shim API \u3092\u60aa\u7528<\/h2>\n
\n

containerd \u306b\u65b0\u305f\u306a\u8106\u5f31\u6027\u304c\u767a\u898b\u3055\u308c\u307e\u3057\u305f(CVE-2020-15257<\/a>)\u3002\u3053\u308c\u304c\u60aa\u7528\u3055\u308c\u308b\u3068\u3001\u30b3\u30f3\u30c6\u30ca\u3092\u4ecb\u3057\u3066\u30db\u30b9\u30c8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u3078\u306e\u63a5\u7d9a\u306b\u6210\u529f\u3057\u305f\u5f8c\u3001\u653b\u6483\u8005\u306f\u30db\u30b9\u30c8\u4e0a\u306e root \u6a29\u9650\u3092\u53d6\u5f97\u3067\u304d\u307e\u3059\u3002\u3053\u306e\u8106\u5f31\u6027\u306f NCC Group \u793e\u306e Jeff Dileo \u6c0f\u306b\u3088\u3063\u3066\u958b\u793a\u3055\u308c\u305f\u3082\u306e\u3067\u3042\u308a\u3001Team Nautilus \u306b\u3088\u308b\u8abf\u67fb\u7d50\u679c\u3068\u3082\u4e00\u81f4\u3057\u307e\u3057\u305f\u3002<\/p>\n

Containerd \u306f\u3001Docker \u3068 Kubernetes \u306e\u57fa\u790e\u3068\u306a\u308b\u696d\u754c\u6a19\u6e96\u306e\u30b3\u30f3\u30c6\u30ca\u30e9\u30f3\u30bf\u30a4\u30e0\u3067\u3059\u3002\u30a4\u30e1\u30fc\u30b8\u306e\u8ee2\u9001\u3068\u4fdd\u7ba1\u3001\u30b3\u30f3\u30c6\u30ca\u306e\u5b9f\u884c\u3068\u76e3\u8996\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306e\u30a2\u30bf\u30c3\u30c1\u30e1\u30f3\u30c8\u306a\u3069\u3001\u30db\u30b9\u30c8\u30b7\u30b9\u30c6\u30e0\u306e\u30b3\u30f3\u30c6\u30ca\u30e9\u30a4\u30d5\u30b5\u30a4\u30af\u30eb\u3092\u7ba1\u7406\u3067\u304d\u307e\u3059\u3002Containerd-shim \u306f\u30b3\u30f3\u30c6\u30ca\u3092\u7ba1\u7406\u3059\u308b containerd \u306e\u5b50\u30d7\u30ed\u30bb\u30b9\u3067\u3001containerd-shim API \u3092\u4ecb\u3057\u3066\u30b3\u30f3\u30c6\u30ca\u30e9\u30a4\u30d5\u30b5\u30a4\u30af\u30eb\u306e\u5404\u6a5f\u80fd\u3092 containerd \u306b\u516c\u958b\u3057\u307e\u3059\u3002<\/p>\n

\u3053\u306e API \u306f\u3001root \u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306e\u540d\u524d\u7a7a\u9593\u304b\u3089\u30a2\u30af\u30bb\u30b9\u53ef\u80fd\u306a\u62bd\u8c61\u7684\u306a\u540d\u524d\u7a7a\u9593 UNIX \u30c9\u30e1\u30a4\u30f3\u30bd\u30b1\u30c3\u30c8\u3092\u4ecb\u3057\u3066\u516c\u958b\u3055\u308c\u307e\u3059\u3002\u3053\u306e\u305f\u3081\u30db\u30b9\u30c8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u3068 UID 0 \u3092\u6301\u3064\u30b3\u30f3\u30c6\u30ca\u306f\u3001\u3053\u306e API \u3078\u306e\u30a2\u30af\u30bb\u30b9\u30fbcontainerd-shim \u306b\u3088\u308b\u7279\u6a29\u30b3\u30f3\u30c6\u30ca\u306e\u5b9f\u884c\u30fb\u7279\u6a29\u53d6\u5f97\u306e\u6709\u52b9\u5316\u30fb\u30db\u30b9\u30c8\u4e0a\u3067\u306e root \u6a29\u9650\u306e\u78ba\u7acb\u306a\u3069\u3001\u60aa\u610f\u306e\u3042\u308b\u30a2\u30af\u30b7\u30e7\u30f3\u3092\u5b9f\u884c\u3067\u304d\u307e\u3059\u3002<\/p>\n

\u30db\u30b9\u30c8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u540d\u524d\u7a7a\u9593\u3067\u306e\u30b3\u30f3\u30c6\u30ca\u306e\u5b9f\u884c\u306f\u3001\u4ee5\u4e0b\u306e\u65b9\u6cd5\u3067\u884c\u3044\u307e\u3059\u3002<\/p>\n