Bypassing Docker Transport Layer Security Using Remote Code Execution
Commenced in January 2007
Frequency: Monthly
Edition: International
Paper Count: 87760
Bypassing Docker Transport Layer Security Using Remote Code Execution

Authors: Michael J. Hahn

Abstract:

Docker is a powerful tool used by many companies such as PayPal, MetLife, Expedia, Visa, and many others. Docker works by bundling multiple applications, binaries, and libraries together on top of an operating system image called a container. The container runs on a Docker engine that in turn runs on top of a standard operating system. This centralization saves a lot of system resources. In this paper, we will be demonstrating how to bypass Transport Layer Security and execute remote code within Docker containers built on a base image of Alpine Linux version 3.7.0 through the use of .apk files due to flaws in the Alpine Linux package management program. This exploit renders any applications built using Docker with a base image of Alpine Linux vulnerable to unwanted outside forces.

Keywords: cloud, cryptography, Docker, Linux, security

Procedia PDF Downloads 199