
Exploiting Alpine Linux: From vulnerability discovery to code execution

BSides DC · 2017 · 40:34 · 1.1K views · Published 2017-10
Category: Technical
Style: Talk
About this talk
Alpine is a Linux distribution promoted as lightweight and security-oriented. In recent years it has become widely popular, mainly thanks to its use in containers. In fact, Docker itself has hired Alpine's creator to migrate all official images from Ubuntu to Alpine. The official Alpine image has more than 10 million pulls!

I've found two critical vulnerabilities in apk - Alpine's package manager. In my talk I plan to explain how I found the vulnerabilities (by fuzzing specific functions), and demonstrate the exploitation process that finally led to remote code execution. A full attack using the vulnerabilities consists of MITMing an Alpine machine or container and providing it a malicious, carefully crafted update file (See teasers 1, 2). I will also discuss the process of assigning CVE IDs, approaching the developers to responsibly issue fixes, and finally publicly disclosing the vulnerabilities.

Ariel Zelivansky (Security Researcher at Twistlock)

Ariel Zelivansky is a security researcher at Twistlock, dealing with hacking and securing anything related to containers. Ariel is a veteran of an elite Israeli intelligence unit, where he served in the role of a researcher.