{"id":21892,"date":"2025-02-14T11:12:15","date_gmt":"2025-02-14T14:12:15","guid":{"rendered":"https:\/\/www.ethicalhacker.com.br\/site\/?p=21892"},"modified":"2025-02-17T12:15:04","modified_gmt":"2025-02-17T15:15:04","slug":"vulnerabilidade-no-nvidia-container-toolkit","status":"publish","type":"post","link":"https:\/\/www.ethicalhacker.com.br\/site\/2025\/02\/exploits\/vulnerabilidade-no-nvidia-container-toolkit\/","title":{"rendered":"Vulnerabilidade no NVIDIA Container Toolkit"},"content":{"rendered":"\n<p class=\"story-title\"><strong>Pesquisadores encontram novo exploit ignorando vulnerabilidade corrigida do NVIDIA Container Toolkit<\/strong><\/p>\n<p style=\"text-align: justify;\">Recentemente, pesquisadores de seguran\u00e7a cibern\u00e9tica descobriram uma nova vulnerabilidade no\u00a0<strong>NVIDIA Container Toolkit<\/strong>, identificada como\u00a0<strong>CVE-2025-23359<\/strong>\u00a0(CVSS score: 8.3). Essa falha permite que atacantes contornem as prote\u00e7\u00f5es de isolamento de cont\u00eaineres, obtendo acesso completo ao sistema host subjacente. A vulnerabilidade \u00e9 uma varia\u00e7\u00e3o de uma falha anterior (<strong>CVE-2024-0132<\/strong>, CVSS score: 9.0), corrigida pela NVIDIA em setembro de 2024, mas que agora foi contornada por meio de uma nova t\u00e9cnica de explora\u00e7\u00e3o.<\/p>\n<p style=\"text-align: justify;\">Neste artigo, vamos explorar os detalhes da vulnerabilidade, seu impacto e fornecer exemplos de scripts e pr\u00e1ticas recomendadas para mitigar riscos semelhantes.<\/p>\n<p>\u00a0<\/p>\n<p><strong>O que \u00e9 o CVE-2025-23359?<\/strong><\/p>\n<p style=\"text-align: justify;\">A vulnerabilidade\u00a0<strong>CVE-2025-23359<\/strong>\u00a0\u00e9 uma falha do tipo\u00a0<strong>Time-of-Check Time-of-Use (TOCTOU)<\/strong>\u00a0no NVIDIA Container Toolkit. Ela ocorre quando um cont\u00eainer malicioso manipula caminhos de arquivos durante opera\u00e7\u00f5es de montagem, permitindo que o sistema de arquivos raiz do host seja montado dentro do cont\u00eainer. Isso concede ao atacante acesso a todos os arquivos do host, podendo levar a execu\u00e7\u00e3o de c\u00f3digo, escala\u00e7\u00e3o de privil\u00e9gios, nega\u00e7\u00e3o de servi\u00e7o, divulga\u00e7\u00e3o de informa\u00e7\u00f5es e adultera\u00e7\u00e3o de dados.<\/p>\n<p>\u00a0<\/p>\n<p><strong>Vers\u00f5es afetadas:<\/strong><\/p>\n<ul>\n<li>\n<p><strong>NVIDIA Container Toolkit<\/strong>: Todas as vers\u00f5es\u00a0 e incluindo a <strong>1.17.3<\/strong>\u00a0(corrigido na vers\u00e3o\u00a0<strong>1.17.4<\/strong>).<\/p>\n<\/li>\n<li>\n<p><strong>NVIDIA GPU Operator<\/strong>: Todas as vers\u00f5es\u00a0 e incluindo a <strong>24.9.1<\/strong>\u00a0(corrigido na vers\u00e3o\u00a0<strong>24.9.2<\/strong><\/p>\n<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<p><strong>Como a vulnerabilidade funciona<\/strong><\/p>\n<p style=\"text-align: justify;\">A explora\u00e7\u00e3o da vulnerabilidade envolve a manipula\u00e7\u00e3o de\u00a0<strong>links simb\u00f3licos<\/strong>\u00a0durante opera\u00e7\u00f5es de montagem. Um cont\u00eainer malicioso pode redirecionar o caminho de montagem para fora do cont\u00eainer (ou seja, para o diret\u00f3rio raiz do host) e mont\u00e1-lo em um caminho dentro de\u00a0<code>\/usr\/lib64<\/code>. Embora o acesso inicial ao sistema de arquivos do host seja somente leitura, os atacantes podem contornar essa limita\u00e7\u00e3o interagindo com\u00a0<strong>sockets Unix<\/strong>\u00a0para criar novos cont\u00eaineres privilegiados, obtendo acesso irrestrito ao sistema de arquivos.<\/p>\n<p>\u00a0<\/p>\n<p><iframe loading=\"lazy\" title=\"NVIDIA Container Toolkit Vulnerability\" src=\"\/\/www.youtube.com\/embed\/Om5Xyzkeoak\" width=\"628\" height=\"440\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<p>\u00a0<\/p>\n<p><strong>Impacto:<\/strong><\/p>\n<ul>\n<li>\n<p><strong>Execu\u00e7\u00e3o de c\u00f3digo arbitr\u00e1rio<\/strong>\u00a0no host.<\/p>\n<\/li>\n<li>\n<p><strong>Escala\u00e7\u00e3o de privil\u00e9gios<\/strong>\u00a0para obter controle total do sistema.<\/p>\n<\/li>\n<li>\n<p><strong>Monitoramento de tr\u00e1fego de rede<\/strong>\u00a0e depura\u00e7\u00e3o de processos ativos.<\/p>\n<\/li>\n<li>\n<p><strong>Acesso a dados confidenciais<\/strong>\u00a0e adultera\u00e7\u00e3o de arquivos.<\/p>\n<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<p><strong>Exemplos de scripts para mitiga\u00e7\u00e3o<\/strong><\/p>\n<p style=\"text-align: justify;\">Abaixo est\u00e3o exemplos de scripts e pr\u00e1ticas recomendadas para mitigar riscos associados ao CVE-2025-23359 e vulnerabilidades semelhantes.<\/p>\n<p>\u00a0<\/p>\n<p>1.\u00a0<strong>Atualiza\u00e7\u00e3o do NVIDIA Container Toolkit<\/strong><\/p>\n<p style=\"text-align: justify;\">Certifique-se de que todas as inst\u00e2ncias do NVIDIA Container Toolkit estejam atualizadas para a vers\u00e3o\u00a0<strong>1.17.4<\/strong>\u00a0ou superior. Use o seguinte script para verificar e atualizar o toolkit:<\/p>\n<div class=\"md-code-block\">\n<div class=\"md-code-block-banner-wrap\">\n<div class=\"md-code-block-banner\">\n<div class=\"md-code-block-action\">\n<div class=\"ds-markdown-code-copy-button\">\u00a0<\/div>\n<\/div>\n<\/div>\n<\/div>\n<pre><span class=\"token comment\"># Verifica a vers\u00e3o instalada<\/span>\nnvidia-ctk version\n\n<span class=\"token comment\"># Atualiza o NVIDIA Container Toolkit<\/span>\n<span class=\"token function\">sudo<\/span> <span class=\"token function\">apt<\/span> update\n<span class=\"token function\">sudo<\/span> <span class=\"token function\">apt<\/span> <span class=\"token function\">install<\/span> --only-upgrade nvidia-container-toolkit<br \/><br \/><\/pre>\n<\/div>\n<p>2.\u00a0<strong>Desabilitar o modo de montagem insegura<\/strong><\/p>\n<p style=\"text-align: justify;\">A vulnerabilidade ocorre devido ao uso de montagens inseguras. Desabilite a montagem de sistemas de arquivos do host em cont\u00eaineres:<\/p>\n<div class=\"md-code-block\">\n<div class=\"md-code-block-banner-wrap\">\n<div class=\"md-code-block-banner\">\n<div class=\"md-code-block-action\">\n<div class=\"ds-markdown-code-copy-button\">\u00a0<\/div>\n<\/div>\n<\/div>\n<\/div>\n<pre><span class=\"token comment\"># Crie ou edite o arquivo de configura\u00e7\u00e3o do Docker<\/span>\n<span class=\"token function\">sudo<\/span> <span class=\"token function\">nano<\/span> \/etc\/docker\/daemon.json\n\n<span class=\"token comment\"># Adicione a seguinte configura\u00e7\u00e3o para desabilitar montagens inseguras<\/span>\n<span class=\"token punctuation\">{<\/span>\n  <span class=\"token string\">\"default-runtime\"<\/span><span class=\"token builtin class-name\">:<\/span> <span class=\"token string\">\"nvidia\"<\/span>,\n  <span class=\"token string\">\"runtimes\"<\/span><span class=\"token builtin class-name\">:<\/span> <span class=\"token punctuation\">{<\/span>\n    <span class=\"token string\">\"nvidia\"<\/span><span class=\"token builtin class-name\">:<\/span> <span class=\"token punctuation\">{<\/span>\n      <span class=\"token string\">\"path\"<\/span><span class=\"token builtin class-name\">:<\/span> <span class=\"token string\">\"\/usr\/bin\/nvidia-container-runtime\"<\/span>,\n      <span class=\"token string\">\"runtimeArgs\"<\/span><span class=\"token builtin class-name\">:<\/span> <span class=\"token punctuation\">[<\/span>\n        <span class=\"token string\">\"--no-cntlibs\"<\/span>\n      <span class=\"token punctuation\">]<\/span>\n    <span class=\"token punctuation\">}<\/span>\n  <span class=\"token punctuation\">}<\/span>\n<span class=\"token punctuation\">}<\/span>\n\n<span class=\"token comment\"># Reinicie o Docker para aplicar as altera\u00e7\u00f5es<\/span>\n<span class=\"token function\">sudo<\/span> systemctl restart <span class=\"token function\">docker<br \/><br \/><\/span><\/pre>\n<\/div>\n<p>3.\u00a0<strong>Monitoramento de cont\u00eaineres maliciosos<\/strong><\/p>\n<p style=\"text-align: justify;\">Use um script Python para monitorar cont\u00eaineres em busca de atividades suspeitas, como a cria\u00e7\u00e3o de links simb\u00f3licos ou montagens de sistemas de arquivos:<\/p>\n<div class=\"md-code-block\">\n<div class=\"md-code-block-banner-wrap\">\n<div class=\"md-code-block-banner\">\n<div class=\"md-code-block-action\">\n<div class=\"ds-markdown-code-copy-button\">\u00a0<\/div>\n<\/div>\n<\/div>\n<\/div>\n<pre><span class=\"token keyword\">import<\/span> docker\n<span class=\"token keyword\">import<\/span> os\n\nclient <span class=\"token operator\">=<\/span> docker<span class=\"token punctuation\">.<\/span>from_env<span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span>\n\n<span class=\"token keyword\">def<\/span> <span class=\"token function\">check_suspicious_containers<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">:<\/span>\n    <span class=\"token keyword\">for<\/span> container <span class=\"token keyword\">in<\/span> client<span class=\"token punctuation\">.<\/span>containers<span class=\"token punctuation\">.<\/span><span class=\"token builtin\">list<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">:<\/span>\n        mounts <span class=\"token operator\">=<\/span> container<span class=\"token punctuation\">.<\/span>attrs<span class=\"token punctuation\">[<\/span><span class=\"token string\">'Mounts'<\/span><span class=\"token punctuation\">]<\/span>\n        <span class=\"token keyword\">for<\/span> mount <span class=\"token keyword\">in<\/span> mounts<span class=\"token punctuation\">:<\/span>\n            <span class=\"token keyword\">if<\/span> mount<span class=\"token punctuation\">[<\/span><span class=\"token string\">'Source'<\/span><span class=\"token punctuation\">]<\/span> <span class=\"token operator\">==<\/span> <span class=\"token string\">'\/'<\/span><span class=\"token punctuation\">:<\/span>\n                <span class=\"token keyword\">print<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string-interpolation\"><span class=\"token string\">f\"Cont\u00eainer suspeito encontrado: <\/span><span class=\"token interpolation\"><span class=\"token punctuation\">{<\/span>container<span class=\"token punctuation\">.<\/span><span class=\"token builtin\">id<\/span><span class=\"token punctuation\">}<\/span><\/span><span class=\"token string\">\"<\/span><\/span><span class=\"token punctuation\">)<\/span>\n                <span class=\"token keyword\">print<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string-interpolation\"><span class=\"token string\">f\"Montagem do sistema de arquivos raiz detectada.\"<\/span><\/span><span class=\"token punctuation\">)<\/span>\n                <span class=\"token comment\"># Tomar a\u00e7\u00e3o, como parar o cont\u00eainer<\/span>\n                container<span class=\"token punctuation\">.<\/span>stop<span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span>\n\n<span class=\"token keyword\">if<\/span> __name__ <span class=\"token operator\">==<\/span> <span class=\"token string\">\"__main__\"<\/span><span class=\"token punctuation\">:<\/span>\n    check_suspicious_containers<span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<br \/><br \/><\/span><\/pre>\n<\/div>\n<p>4.\u00a0<strong>Restringir acesso a sockets Unix<\/strong><\/p>\n<p>Limite o acesso a sockets Unix para evitar que cont\u00eaineres maliciosos criem novos cont\u00eaineres privilegiados:<\/p>\n<div class=\"md-code-block\">\n<div class=\"md-code-block-banner-wrap\">\n<div class=\"md-code-block-banner\">\n<div class=\"md-code-block-action\">\n<div class=\"ds-markdown-code-copy-button\">\u00a0<\/div>\n<\/div>\n<\/div>\n<\/div>\n<pre><span class=\"token comment\"># Crie um grupo para usu\u00e1rios autorizados<\/span>\n<span class=\"token function\">sudo<\/span> <span class=\"token function\">groupadd<\/span> docker-socket-access\n\n<span class=\"token comment\"># Adicione usu\u00e1rios ao grupo<\/span>\n<span class=\"token function\">sudo<\/span> <span class=\"token function\">usermod<\/span> <span class=\"token parameter variable\">-aG<\/span> docker-socket-access seu_usuario\n\n<span class=\"token comment\"># Altere as permiss\u00f5es do socket Docker<\/span>\n<span class=\"token function\">sudo<\/span> <span class=\"token function\">chown<\/span> root:docker-socket-access \/var\/run\/docker.sock\n<span class=\"token function\">sudo<\/span> <span class=\"token function\">chmod<\/span> <span class=\"token number\">660<\/span> \/var\/run\/docker.sock<br \/><br \/><\/pre>\n<\/div>\n<p>5.\u00a0<strong>Verifica\u00e7\u00e3o de imagens de cont\u00eaineres<\/strong><\/p>\n<p style=\"text-align: justify;\">Use ferramentas como\u00a0<strong>Clair<\/strong>\u00a0ou\u00a0<strong>Anchore<\/strong>\u00a0para verificar imagens de cont\u00eaineres em busca de vulnerabilidades conhecidas antes de implant\u00e1-las:<\/p>\n<div class=\"md-code-block\">\n<div class=\"md-code-block-banner-wrap\">\n<div class=\"md-code-block-banner\">\n<div class=\"md-code-block-action\">\n<div class=\"ds-markdown-code-copy-button\">\u00a0<\/div>\n<\/div>\n<\/div>\n<\/div>\n<pre><span class=\"token comment\"># Instale o Anchore Engine<\/span>\n<span class=\"token function\">docker-compose<\/span> <span class=\"token parameter variable\">-f<\/span> docker-compose.yaml up <span class=\"token parameter variable\">-d<\/span>\n\n<span class=\"token comment\"># Analise uma imagem de cont\u00eainer<\/span>\nanchore-cli image <span class=\"token function\">add<\/span> sua_imagem\nanchore-cli image <span class=\"token function\">wait<\/span> sua_imagem\nanchore-cli image vuln sua_imagem all<br \/><br \/><\/pre>\n<\/div>\n<p><strong>Recomenda\u00e7\u00f5es adicionais<\/strong><\/p>\n<ul>\n<li><strong>N\u00e3o desabilite o <code>--no-cntlibs<\/code><\/strong>:<\/li>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>\n<p>A NVIDIA recomenda n\u00e3o desabilitar a flag\u00a0<code>--no-cntlibs<\/code>\u00a0em ambientes de produ\u00e7\u00e3o. Essa flag impede o uso de bibliotecas de cont\u00eaineres inseguras.<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li>\n<p><strong>Use namespaces e cgroups<\/strong>:<\/p>\n<ul>\n<li>\n<p>Aplique namespaces e cgroups para isolar cont\u00eaineres e limitar seu acesso a recursos do host.<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li>\n<p><strong>Monitore logs de cont\u00eaineres<\/strong>:<\/p>\n<ul>\n<li>\n<p style=\"text-align: justify;\">Configure ferramentas de monitoramento, como\u00a0<strong>Prometheus<\/strong>\u00a0e\u00a0<strong>Grafana<\/strong>, para acompanhar atividades suspeitas em cont\u00eaineres.<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li>\n<p><strong>Implemente pol\u00edticas de seguran\u00e7a<\/strong>:<\/p>\n<ul>\n<li>\n<p>Use ferramentas como\u00a0<strong>Open Policy Agent (OPA)<\/strong>\u00a0para aplicar pol\u00edticas de seguran\u00e7a em tempo de execu\u00e7\u00e3o.<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<p><strong>Conclus\u00e3o<\/strong><\/p>\n<p style=\"text-align: justify;\">A vulnerabilidade\u00a0<strong>CVE-2025-23359<\/strong>\u00a0no NVIDIA Container Toolkit \u00e9 um lembrete cr\u00edtico da import\u00e2ncia de manter software atualizado e adotar pr\u00e1ticas de seguran\u00e7a proativas. Ao combinar atualiza\u00e7\u00f5es de software, scripts de mitiga\u00e7\u00e3o e monitoramento cont\u00ednuo, as organiza\u00e7\u00f5es podem reduzir significativamente o risco de explora\u00e7\u00e3o de vulnerabilidades em cont\u00eaineres.<\/p>\n<p style=\"text-align: justify;\">Mantenha-se vigilante, atualizado e sempre questione atividades suspeitas em seu ambiente de cont\u00eaineres. Para mais detalhes, consulte a\u00a0<a href=\"https:\/\/docs.nvidia.com\/datacenter\/cloud-native\/container-toolkit\/overview.html\" target=\"_blank\" rel=\"noopener noreferrer\">documenta\u00e7\u00e3o oficial da NVIDIA<\/a>.<\/p>\n<p>\u00a0<\/p>\n<p>Fonte e imagens: <a href=\"https:\/\/thehackernews.com\/2025\/02\/researchers-find-new-exploit-bypassing.html\" target=\"_blank\" rel=\"noopener\">https:\/\/thehackernews.com\/2025\/02\/researchers-find-new-exploit-bypassing.html<\/a><\/p>\n\n\n","protected":false},"excerpt":{"rendered":"<p>Pesquisadores encontram novo exploit ignorando vulnerabilidade corrigida do NVIDIA Container Toolkit Recentemente, pesquisadores de seguran\u00e7a cibern\u00e9tica descobriram uma nova vulnerabilidade no\u00a0NVIDIA Container Toolkit, identificada como\u00a0CVE-2025-23359\u00a0(CVSS score: 8.3). Essa falha permite que atacantes contornem as prote\u00e7\u00f5es de isolamento de cont\u00eaineres, obtendo acesso completo ao sistema host subjacente. A vulnerabilidade \u00e9 uma varia\u00e7\u00e3o de uma falha anterior [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":21898,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[89,100,21,105],"tags":[],"class_list":["post-21892","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-basico","category-diversos","category-exploits","category-noticias"],"_links":{"self":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/21892","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/comments?post=21892"}],"version-history":[{"count":16,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/21892\/revisions"}],"predecessor-version":[{"id":21930,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/21892\/revisions\/21930"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/media\/21898"}],"wp:attachment":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/media?parent=21892"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/categories?post=21892"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/tags?post=21892"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}