CVE-2019-5736

Опубликовано: 11 фев. 2019

Источник: nvd

CVSS3: 8.6

CVSS2: 9.3

EPSS Средний

Описание

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html
Mailing List
Third Party Advisory
http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html
Third Party Advisory
VDB Entry
http://www.openwall.com/lists/oss-security/2019/03/23/1
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/06/28/2
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/07/06/3
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/07/06/4
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/10/24/1
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/10/29/3
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/01/31/6
http://www.openwall.com/lists/oss-security/2024/02/01/1

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*

Версия до 18.09.2 (исключая)

Конфигурация 2

Одно из

cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*

Версия до 0.1.1 (включая)

cpe:2.3:a:linuxfoundation:runc:1.0.0:rc1:*:*:*:*:*:*

cpe:2.3:a:linuxfoundation:runc:1.0.0:rc2:*:*:*:*:*:*

cpe:2.3:a:linuxfoundation:runc:1.0.0:rc3:*:*:*:*:*:*

cpe:2.3:a:linuxfoundation:runc:1.0.0:rc4:*:*:*:*:*:*

cpe:2.3:a:linuxfoundation:runc:1.0.0:rc5:*:*:*:*:*:*

cpe:2.3:a:linuxfoundation:runc:1.0.0:rc6:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:redhat:container_development_kit:3.7:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openshift:3.4:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openshift:3.5:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openshift:3.6:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openshift:3.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

Конфигурация 4

cpe:2.3:a:google:kubernetes_engine:-:*:*:*:*:*:*:*

Конфигурация 5

cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*

Версия до 3.2.0 (исключая)

Конфигурация 6

cpe:2.3:a:hp:onesphere:-:*:*:*:*:*:*:*

Конфигурация 7

Одно из

cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*

Конфигурация 8

Одно из

cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*

Версия от 1.4.0 (включая) до 1.4.3 (исключая)

cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*

Версия от 1.5.0 (включая) до 1.5.3 (исключая)

cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*

Версия от 1.6.0 (включая) до 1.6.2 (исключая)

cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*

Версия от 1.7.0 (включая) до 1.7.2 (исключая)

Конфигурация 9

Одно из

cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*

cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*

Конфигурация 10

Одно из

cpe:2.3:a:d2iq:kubernetes_engine:*:*:*:*:*:*:*:*

Версия до 2.2.0-1.13.3 (исключая)

cpe:2.3:o:d2iq:dc\/os:*:*:*:*:*:*:*:*

Версия до 1.10.10 (исключая)

cpe:2.3:o:d2iq:dc\/os:*:*:*:*:*:*:*:*

Версия от 1.10.11 (включая) до 1.11.9 (исключая)

cpe:2.3:o:d2iq:dc\/os:*:*:*:*:*:*:*:*

Версия от 1.11.10 (включая) до 1.12.1 (исключая)

Конфигурация 11

Одно из

cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

Конфигурация 12

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

Конфигурация 13

Одно из

cpe:2.3:a:microfocus:service_management_automation:2018.02:*:*:*:*:*:*:*

cpe:2.3:a:microfocus:service_management_automation:2018.05:*:*:*:*:*:*:*

cpe:2.3:a:microfocus:service_management_automation:2018.08:*:*:*:*:*:*:*

cpe:2.3:a:microfocus:service_management_automation:2018.11:*:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.52476

Средний

8.6 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

CVE-2019-5736

CVSS3: 8.6

ubuntu

больше 6 лет назад

CVE-2019-5736

CVSS3: 7.7

redhat

больше 6 лет назад

CVE-2019-5736

CVSS3: 8.6

msrc

почти 4 года назад

Описание отсутствует

CVE-2019-5736

CVSS3: 8.6

debian

больше 6 лет назад

runc through 1.0-rc6, as used in Docker before 18.09.2 and other produ ...

openSUSE-SU-2019:2245-1

suse-cvrf

больше 5 лет назад

Security update for lxc

EPSS

Процентиль: 98%

0.52476

Средний

8.6 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-78