Bug 733352 (CVE-2020-10749)

Summary: <net-misc/cni-plugins-0.8.6: MiTM vulnerability (CVE-2020-10749)
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: williamh
Priority: Normal Flags: nattka: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://groups.google.com/forum/#!topic/kubernetes-security-announce/BMb_6ICCfp8
Whiteboard: B3 [noglsa]
Package list:
net-misc/cni-plugins-0.8.6 *
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-07-20 18:11:20 UTC
CVE-2020-10749:

A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.
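
A host-side check for the exposure described in this report, as an added example that is not part of the original bug or of the cni-plugins project: it reads the Linux per-interface `accept_ra` and `forwarding` sysctls and lists the interfaces that would act on an IPv6 router advertisement. The function names and the `root` parameter are this example's own; the acceptance rule follows the kernel's documented `accept_ra` semantics.

```python
"""Audit which interfaces would act on IPv6 router advertisements (RAs)."""
import os

# Default location of the per-interface IPv6 sysctls on Linux.
SYSCTL_ROOT = "/proc/sys/net/ipv6/conf"


def _read_int(path):
    """Return the integer stored in a sysctl file, or None if unreadable."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None


def accepts_ra(accept_ra, forwarding):
    """Apply the kernel rule for RA processing.

    accept_ra: 0 = never, 1 = only while forwarding is off, 2 = always.
    An unreadable forwarding value is treated as "off" (the cautious
    reading); an unreadable accept_ra is treated as not accepting.
    """
    if forwarding:
        return accept_ra == 2
    return bool(accept_ra)


def audit(root=SYSCTL_ROOT):
    """Return the sorted names of interfaces that would process RAs.

    The pseudo-entry "default" is included on purpose: newly created
    interfaces, such as a container's veth pair, inherit its values.
    """
    exposed = []
    for iface in sorted(os.listdir(root)):
        base = os.path.join(root, iface)
        if not os.path.isdir(base):
            continue
        ra = _read_int(os.path.join(base, "accept_ra"))
        fwd = _read_int(os.path.join(base, "forwarding"))
        if accepts_ra(ra, fwd):
            exposed.append(iface)
    return exposed


if __name__ == "__main__":
    for name in audit():
        print(f"{name}: accepts router advertisements")
```
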
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-07-20 18:14:38 UTC
Let's stable 0.8.6 if ready.
Comment 2 Larry the Git Cow gentoo-dev 2020-07-23 15:23:57 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ebb1b8642b751e00b904de12b008d589e1a9c529

commit ebb1b8642b751e00b904de12b008d589e1a9c529
Author:     William Hubbs <williamh@gentoo.org>
AuthorDate: 2020-07-23 15:22:03 +0000
Commit:     William Hubbs <williamh@gentoo.org>
CommitDate: 2020-07-23 15:23:47 +0000

    net-misc/cni-plugins: stable 0.8.6 on amd64
    
    Bug: https://bugs.gentoo.org/733352
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 net-misc/cni-plugins/cni-plugins-0.8.6.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-07-23 19:24:05 UTC
Thanks William. Please clean up.
Comment 4 Larry the Git Cow gentoo-dev 2020-07-25 15:33:08 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=19bce26bc438759a138df6dc58097cf7918849f6

commit 19bce26bc438759a138df6dc58097cf7918849f6
Author:     William Hubbs <williamh@gentoo.org>
AuthorDate: 2020-07-25 15:31:13 +0000
Commit:     William Hubbs <williamh@gentoo.org>
CommitDate: 2020-07-25 15:32:27 +0000

    net-misc/cni-plugins: security cleanup
    
    Bug: https://bugs.gentoo.org/733352
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 net-misc/cni-plugins/Manifest                 |  4 ---
 net-misc/cni-plugins/cni-plugins-0.8.2.ebuild | 38 --------------------------
 net-misc/cni-plugins/cni-plugins-0.8.3.ebuild | 38 --------------------------
 net-misc/cni-plugins/cni-plugins-0.8.4.ebuild | 39 ---------------------------
 net-misc/cni-plugins/cni-plugins-0.8.5.ebuild | 31 ---------------------
 5 files changed, 150 deletions(-)
Comment 5 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-07-25 16:36:45 UTC
Thanks