VMware announcement – product updates resolve a mishandled file descriptor vulnerability in the runc container runtime (15th Feb 2019)

Preface: Docker containers can be created on VMware platforms, so VMware and Docker work together and are not merely competitors.

Vulnerability background: Docker announced on 12th Feb 2019 that it was vulnerable to a malicious attack. The vulnerability allows a malicious container to overwrite the host runc binary and thus gain root-level code execution on the host.

Impact:
An attacker could trick a user with the necessary permissions into deploying a malicious container or running docker exec for them.

Remedy: VMware product updates resolve the mishandled file descriptor vulnerability in the runc container runtime (CVE-2019-5736). For details, refer to the official advisory: https://www.vmware.com/security/advisories/VMSA-2019-0001.html
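Two host-side checks a defender would run after reading the advisory, as an added example that is not part of the original post or of any VMware or Docker tooling: whether the Docker engine is at or past the release that shipped the fixed runc (Docker CE 18.09.2), and whether the runc binary on disk still matches a hash recorded when it was known good, since a successful exploit leaves a replaced binary behind. The stand-in files and version strings are constructed for the demo.

```python
"""Defender-side checks for CVE-2019-5736 (host runc overwritten from a container):
is the Docker engine at or past the release that shipped the fixed runc, and does
the runc binary on disk still match a recorded known-good hash (a successful
exploit leaves a replaced binary behind)."""
import hashlib
import os
import re
import tempfile

# Docker CE 18.09.2 shipped the patched runc. Caveat: distro packages (docker.io,
# backported runc) use their own version schemes; this applies to upstream strings.
FIXED_DOCKER = (18, 9, 2)

def parse_version(text: str) -> tuple:
    """Turn 'Docker version 18.09.1, build ...' or '19.03.5' into (18, 9, 1)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no dotted version found in {text!r}")
    return tuple(int(x) for x in m.groups())

def docker_is_patched(version_text: str) -> bool:
    """True when the reported Docker version is at or past the fixed release."""
    return parse_version(version_text) >= FIXED_DOCKER

def sha256_of_file(path: str) -> str:
    """Stream the file so a large binary need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def runc_matches_baseline(path: str, baseline_hex: str) -> bool:
    """True if the binary on disk still equals the hash recorded when it was trusted."""
    return sha256_of_file(path) == baseline_hex

def demo_baseline_check() -> tuple:
    """Constructed demo: baseline a stand-in 'runc' file, then alter it and re-check."""
    with tempfile.TemporaryDirectory() as d:
        runc = os.path.join(d, "runc")
        with open(runc, "wb") as f:
            f.write(b"\x7fELF constructed stand-in for the real runc binary\n")
        baseline = sha256_of_file(runc)
        before = runc_matches_baseline(runc, baseline)
        with open(runc, "wb") as f:  # file no longer matches the recorded hash
            f.write(b"constructed: different bytes\n")
        after = runc_matches_baseline(runc, baseline)
    return before, after  # (True, False)
```

On a real host, record the runc hash from a freshly patched package and alert whenever the check returns False; the version check alone is not enough where the distribution backported the fix under an older version number.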

Conclusion: In Jul 2017 VMware committed to working with the community to help establish common, open standards and specifications for containers. I think this vulnerability also affects Stateful Containers on vSphere with the Orchestrator architecture, so a further announcement may be posted soon!