postgis:14-master has malware kdevtmpfsi vulnerability

[manuelep]

it seams the image of the version 14 is affected by this vulnerability: docker-library/postgres#817

[ImreSamu]

it seams ...

Ouch ...

I don't find any malware :

docker pull postgis/postgis:14-master
docker run -it --rm  postgis/postgis:14-master bash -c "find / -name kdevtmpfsi"

IMHO: It is not recommended to run the postgis/postgis and upstream docker postgres images with an open port 5432 in the cloud using a simple password, as they are vulnerable.
A brief security warning is also included in the readme.

• https://github.com/postgis/docker-postgis?tab=readme-ov-file#security

For guidance on how to handle this situation and secure your Docker image,
please refer to the recommendations provided in this discussion:

• Docker hub image for version 12.4 contains cryptominer [Confirmed!] docker-library/postgres#770 (comment)
• https://sysdig.com/blog/zoom-into-kinsing-kdevtmpfsi/ :
  "Some of those Docker engines weren’t configured with authentication, which make them a perfect target for Kinsing attacks."
• https://sysdig.com/blog/cloud-defense-in-depth/ ( JULY 4, 2023: Cloud Defense in Depth: Lessons from the Kinsing Malware )
• https://thenewstack.io/kinsing-malware-targets-kubernetes/ ( Jan 13th, 2023 , Kinsing Malware Targets Kubernetes )
• https://stackoverflow.com/search?q=kinsing

[manuelep]

yes I closed the issue as far as I found that the problem was related to a bad su password management... Sorry! thanks a lot! Il 10 gennaio 2024 18:21:30 CET, ImreSamu ***@***.***> ha scritto:

…

> it seams ... Ouch ... I don't find any malware : ```bash docker pull postgis/postgis:14-master docker run -it --rm postgis/postgis:14-master bash -c "find / -name kdevtmpfsi" ``` IMHO: It is not recommended to run the `postgis/postgis` and upstream docker `postgres` images with an open port 5432 in the cloud using a simple password, as they are vulnerable. A brief security warning is also included in the readme. * https://github.com/postgis/docker-postgis?tab=readme-ov-file#security For guidance on how to handle this situation and secure your Docker image, please refer to the recommendations provided in this discussion: - docker-library/postgres#770 (comment) - https://sysdig.com/blog/zoom-into-kinsing-kdevtmpfsi/ : "Some of those Docker engines weren’t configured with authentication, which make them a perfect target for Kinsing attacks." - https://sysdig.com/blog/cloud-defense-in-depth/ ( JULY 4, 2023: Cloud Defense in Depth: Lessons from the Kinsing Malware ) - https://thenewstack.io/kinsing-malware-targets-kubernetes/ ( Jan 13th, 2023 , Kinsing Malware Targets Kubernetes ) - https://stackoverflow.com/search?q=kinsing -- Reply to this email directly or view it on GitHub: #374 (comment) You are receiving this because you modified the open/close state. Message ID: ***@***.***>