Listen to this Post
The vulnerability exists in the Contrast CLI’s policy generation for Kata agent, specifically in the CopyFile verification routine. A malicious process on the host with VSOCK connectivity to the Kata agent can exploit missing path sanitization. The agent accepts CopyFile requests that are intended to copy files from host to guest, but due to insufficient validation, an attacker can specify arbitrary destination paths within the guest root filesystem. By chaining multiple CopyFile requests, the attacker can overwrite sensitive files such as /etc/shadow, /usr/bin/sudo, or drop SSH keys. The root cause is that the policy does not enforce that the destination path stays within allowed directories. The agent runs as root inside the VM, giving the attacker full write access. The attack requires the ability to connect to the agent’s VSOCK socket, which is accessible from privileged host processes or containers with appropriate capabilities. Once exploited, the attacker can gain complete control of the guest workload, including data exfiltration, privilege escalation, and persistence. The issue affects all versions before the patch. The fix introduces destination path prefix checking, ensuring that CopyFile cannot escape the intended temporary directory. A workaround using rego policies is available, but binary data checking complicates implementation.
Platform: Kata containers
Version: before v1.19.1
Vulnerability: Arbitrary guest write
Severity: Critical
date: 2024-06-15
Prediction: 2024-06-30
What Undercode Say:
Check if Kata agent VSOCK is exposed
ss -lx | grep kata
Simulate exploit using socat (requires host root/VSOCK access)
socat VSOCK-CONNECT:cid:port -
Rego policy snippet to block unsafe CopyFile paths
deny[bash] {
input.request = "CopyFile"
not startswith(input.dest, "/run/kata-containers/shared")
msg = "CopyFile destination outside shared directory"
}
Exploit:
- Establish VSOCK connection to guest agent (CID obtained from
kata-runtime env). - Send serialized CopyFile requests with dest = “/etc/passwd”.
- Overwrite critical files by chaining writes from a controlled host file.
- Trigger guest reboot or process restart to activate changes.
Protection from this CVE:
- Upgrade to Contrast v1.19.1 or later.
- Apply rego policy: `contrast generate –policy restrictive.rego`
– Isolate host processes from `/dev/vsock` using seccomp or AppArmor. - Run Kata with `agent_policy=yes` and enforce signed policies.
Impact:
Full guest takeover: arbitrary file write leads to container/host escape within the VM, data theft, and persistence. No CVSS score given, but remote (adjacent) attack complexity low.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode
