The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0758 advisory.

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem (attack 2). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run (attack 1). Variants of attacks 1 and 2 could also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes (attack 3a and attack 3b). runc 1.1.12 includes patches for this issue. (CVE-2024-21626)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version…
RHEL 8 : container-tools:2.0 (RHSA-2024:0758)

