Airlink Daemon Symbolic Link Creation Vulnerability Leading to Unauthorized Host File Access
Vulnerability
A vulnerability in Airlink's Daemon version 1.0.0 allows attackers with access to the affected Docker container to create symbolic links in the mounted directory (/app/data). The container's bind mount can reference an arbitrary host path, enabling these symlinks to point to sensitive locations on the host filesystem. When followed by the application or other processes, these symlinks can lead to unauthorized read access of host files outside the container. This issue has been patched in version 1.0.1.
Impact
Exploitation of this vulnerability lets symbolic links created inside the container be used to read sensitive files on the host system. Depending on which files are reached, this could lead to a full compromise of the host.
Reproduction
To reproduce this vulnerability, access a Docker container running Airlink Daemon version 1.0.0. Within the container, create a symbolic link in the mounted directory (/app/data) that points to a sensitive location on the host filesystem. Once the symlink is created, have the application or another process follow the link, which will result in unauthorized access to the host file.
Remediation
Users can upgrade to Airlink Daemon version 1.0.1 to address this vulnerability.