Security update: Critical root vulnerability in Kubernetes closed
Certain Kubernetes image builders create VM images with static credentials. Admins must recreate existing images.
Under certain conditions, attackers can log in to systems as root via SSH when those systems run VM images created with the Kubernetes Image Builder. From that position, attackers can do essentially anything and fully compromise the machines. A security patch is available, but it does not repair VM images that have already been deployed.
The security problem
The Google Kubernetes system is used to manage container applications. The developers have now published an advisory warning of two security vulnerabilities in the Kubernetes Image Builder. If Nutanix or Proxmox is used to create VM images, the images contain static credentials that allow attackers to access systems via SSH.
Because these credentials are baked directly into the image in the Proxmox case, that vulnerability (CVE-2024-9486) is rated "critical". With Nutanix, attackers would first have to manipulate the build process, so the bar for an attack is higher. Accordingly, that vulnerability (CVE-2024-9594) is rated "medium".
In the warning message, the developers explain how to recognize affected images and which builder was used to create them.
Secure systems
So far, there are no reports of ongoing attacks. According to the developers, the security problem is fixed in Kubernetes Image Builder v0.1.38; all earlier versions are considered vulnerable. The fixed version generates random passwords during image creation and disables the builder account, a developer explains in a post.
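One way for an admin to check whether an already deployed image still carries a usable builder login, as an added example that is not code from the advisory or the Image Builder project. It assumes the account is named `builder` and that the image's filesystem has been mounted so a copy of its /etc/shadow can be read; the sample shadow files are constructed inline.

```shell
#!/bin/sh
# Inspect a VM image's /etc/shadow copy and report the state of the builder account.
# Prints one of: absent | locked | no-password | usable-password
# Returns 0 when no usable login remains for the account, 1 otherwise.
check_builder_account() {
    shadow="$1"
    account="${2:-builder}"   # assumption: the image-builder account is named "builder"
    entry=$(grep "^${account}:" "$shadow" 2>/dev/null | head -n 1)
    if [ -z "$entry" ]; then
        echo "absent"; return 0
    fi
    hash=$(printf '%s\n' "$entry" | cut -d: -f2)
    case "$hash" in
        '!'*|'*'*) echo "locked"; return 0 ;;           # locked / no-login marker
        '')        echo "no-password"; return 1 ;;      # empty field: login needs no password
        *)         echo "usable-password"; return 1 ;;  # a real hash: static credential still present
    esac
}

# Constructed sample shadow files standing in for three mounted images.
make_samples() {
    dir="$1"
    printf 'root:$6$x:19000:0:99999:7:::\nbuilder:$6$y:19000:0:99999:7:::\n' > "$dir/pre-0.1.38"
    printf 'root:$6$x:19000:0:99999:7:::\nbuilder:!:19000:0:99999:7:::\n' > "$dir/0.1.38"
    printf 'root:$6$x:19000:0:99999:7:::\n' > "$dir/no-builder"
}

samples=$(mktemp -d)
make_samples "$samples"
for f in "$samples"/*; do
    if state=$(check_builder_account "$f"); then
        echo "$(basename "$f"): $state (ok)"
    else
        echo "$(basename "$f"): $state (rebuild this image with Image Builder v0.1.38 or later)"
    fi
done
rm -rf "$samples"
```

Run it against the shadow file of each mounted image; any image reported as usable-password or no-password must be rebuilt rather than patched in place.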
The catch is that the security patch does not repair existing images. Those images must therefore be deleted and recreated with the current Image Builder.
(des)