CVE-2024-35141
📋 TL;DR
This vulnerability in IBM Security Verify Access Docker allows local users to escalate privileges because the product executes with unnecessary privileges. It affects IBM Security Verify Access Docker versions 10.0.0 through 10.0.6. Attackers with local access can gain elevated permissions on affected systems.
💻 Affected Systems
- IBM Security Verify Access Docker
⚠️ Risk & Real-World Impact
Worst Case
Local attacker gains root/administrator privileges, compromising the entire container and potentially the host system through container escape techniques.
Likely Case
Local user escalates to higher privileges within the container, enabling unauthorized access to sensitive data and configuration.
If Mitigated
With proper container isolation and least privilege principles, impact is limited to the container environment.
🎯 Exploit Status
Requires local access to the container. No public exploit code available as of analysis.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 10.0.6.1 or later
Vendor Advisory: https://www.ibm.com/support/pages/node/7155356
Restart Required: Yes
Instructions:
1. Download IBM Security Verify Access Docker version 10.0.6.1 or later from IBM Fix Central.
2. Stop the vulnerable container.
3. Deploy the updated container image.
4. Verify the new version is running.
🔧 Temporary Workarounds
Container Privilege Reduction
Linux: Run the container with reduced privileges using Docker security options
docker run --security-opt=no-new-privileges --cap-drop=ALL --cap-add=NET_BIND_SERVICE [image]
User Namespace Remapping
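Linux: Enable Docker user namespace isolation to prevent privilege escalation. The command below overwrites /etc/docker/daemon.json; if that file already exists, add the userns-remap key to it instead of replacing it.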
echo '{"userns-remap": "default"}' > /etc/docker/daemon.json
systemctl restart docker
🧯 If You Can't Patch
- Implement strict access controls to limit who can access Docker containers
- Monitor container activity for privilege escalation attempts using container security tools
🔍 How to Verify
Check if Vulnerable:
Check IBM Security Verify Access Docker version: docker inspect [container_name] | grep -i version
Check Version:
docker inspect [container_name] | grep -i version
Verify Fix Applied:
Verify running version is 10.0.6.1 or later: docker inspect [container_name] | grep -i version
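An added example, not part of the original page or of IBM's tooling: a Python audit of `docker inspect` JSON that flags containers whose image tag is at or above 10.0.0 and below the fixed 10.0.6.1, and checks the hardening options from the workaround command above. It assumes the release number appears in the image tag; the image name and the sample JSON are constructed.

```python
import json
import re

FIRST_AFFECTED = (10, 0, 0, 0)  # page: affected 10.0.0 through 10.0.6
FIXED = (10, 0, 6, 1)           # page: fixed in 10.0.6.1 or later
# Constructed sample in the shape of `docker inspect` output (not real data).
SAMPLE_INSPECT = """[
 {"Name": "/isva-old", "Config": {"Image": "registry.example/verify-access:10.0.6.0"},
  "HostConfig": {"Privileged": false, "SecurityOpt": null, "CapDrop": null, "CapAdd": null}},
 {"Name": "/isva-new", "Config": {"Image": "registry.example/verify-access:10.0.6.1"},
  "HostConfig": {"SecurityOpt": ["no-new-privileges"], "CapDrop": ["ALL"], "CapAdd": ["NET_BIND_SERVICE"]}}
]"""

def parse_version(image_ref):
    """Return a 4-part version tuple from the image tag, or None if absent."""
    tag = image_ref.rsplit("/", 1)[-1].partition(":")[2]
    m = re.match(r"\d+(?:\.\d+){1,3}", tag)
    if not m:
        return None
    parts = [int(p) for p in m.group(0).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def caps(values):  # normalise names: upper case, optional CAP_ prefix removed
    return {re.sub(r"^CAP_", "", v.upper()) for v in values or []}

def audit(container):
    """Return the list of findings for one `docker inspect` entry."""
    findings = []
    version = parse_version(container["Config"]["Image"])
    if version is None:
        findings.append("version not in image tag: confirm the release manually")
    elif FIRST_AFFECTED <= version < FIXED:
        findings.append("affected version " + ".".join(map(str, version)))
    host = container.get("HostConfig") or {}
    opts = [o.replace("=", ":") for o in host.get("SecurityOpt") or []]
    if not any(o in ("no-new-privileges", "no-new-privileges:true") for o in opts):
        findings.append("no-new-privileges not set")
    if "ALL" not in caps(host.get("CapDrop")):
        findings.append("--cap-drop=ALL missing")
    extra = caps(host.get("CapAdd")) - {"NET_BIND_SERVICE"}
    if extra:
        findings.append("extra capabilities: " + ", ".join(sorted(extra)))
    if host.get("Privileged"):
        findings.append("runs with --privileged")
    return findings

def audit_all(inspect_json):
    """Map container name to findings for a whole `docker inspect` document."""
    return {c["Name"].lstrip("/"): audit(c) for c in json.loads(inspect_json)}
```

To audit a live host, save the output of `docker inspect` for the running containers and pass the text to `audit_all`.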
📡 Detection & Monitoring
Log Indicators:
- Unexpected privilege escalation events in container logs
- Suspicious process execution with elevated privileges
Network Indicators:
- Unusual outbound connections from container after privilege escalation
SIEM Query:
source="docker" AND (event="privilege_escalation" OR user_change="root")