Security scans flag "toybox" as a threat/vulnerability on vCenter Server appliances
search cancel

Security scans flag "toybox" as a threat/vulnerability on vCenter Server appliances

book

Article ID: 388384

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Some security applications (e.g. Rubrik) may detect a threat or vulnerability on vCenter Server appliances that hold a file like the following:

/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/<X>/fs/usr/bin/toybox

The scans flag this "toybox" tool as a potential threat.

 

vCenter Server appliances which contain these "toybox" files, return the following when running find . -name "toybox" from the /var/lib/ directory:

root@vcenter[  /var/lib  ]# find . -name "toybox"
./containerd/io.containerd.snapshotter.v1.overfs/snapshots/2/fs/usr/bin/toybox
./containerd/io.containerd.snapshotter.v1.overfs/snapshots/23/fs/usr/bin/toybox

Environment

vCenter Server 7.x

Cause

The "toybox" file is a binary tool used by vCenter/vSphere to manage and reduce the size of container (Docker) images.

Resolution

The scan can be safely ignored.

"toybox" files on vCenter Servers is expected and by design.

Powered by Wolken Software