Lucene search

Veracode Vulnerability DatabaseVERACODE:13337

HistoryFeb 12, 2019 - 2:31 a.m.

Malicious Container Execution

2019-02-1202:31:29

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.004 Low

EPSS

Percentile

73.6%

JSON

github.com/opencontainers/runc is susceptible to malicious container execution. It does not properly perform the file-descriptor handling which allows a malicious user to overwrite the host runc binary and subsequently executing containers such as (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec after gaining administrative access on the host.

CPENameOperatorVersion
github.com/opencontainers/runceqHEAD
github.com/opencontainers/runcle18.09.1
runceq1.0.0__37.rc5.dev.gitad0f525.el7
runceq1.0.0__27.rc5.dev.git4bb1fe4.el7
runceq1.0.0__24.rc4.dev.gitc6e4a1e.el7
runceq1.0.0__57.dev.git2abd837.el7.centos
runceq1.0.0__26.rc4.dev.git9f9c962.el7
runceq1.0.0__54.dev.git2abd837.el7
runceq1.0.0__52.dev.git70ca035.el7_5
dockereq1.13.1__88.git07f3374.el7.centos

Name	Operator	Version
github.com/opencontainers/runc	eq	HEAD
github.com/opencontainers/runc	le	18.09.1
runc	eq	1.0.0__37.rc5.dev.gitad0f525.el7
runc	eq	1.0.0__27.rc5.dev.git4bb1fe4.el7
runc	eq	1.0.0__24.rc4.dev.gitc6e4a1e.el7
runc	eq	1.0.0__57.dev.git2abd837.el7.centos
runc	eq	1.0.0__26.rc4.dev.git9f9c962.el7
runc	eq	1.0.0__54.dev.git2abd837.el7
runc	eq	1.0.0__52.dev.git70ca035.el7_5
docker	eq	1.13.1__88.git07f3374.el7.centos

Rows per page:

1-10 of 221

References

lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html

lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html

lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html

lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html

lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html

lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html

lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html

lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html

lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html

lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html

packetstormsecurity.com/files/163339/Docker-Container-Escape.html

packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html

www.openwall.com/lists/oss-security/2019/03/23/1

www.openwall.com/lists/oss-security/2019/06/28/2

www.openwall.com/lists/oss-security/2019/07/06/3

www.openwall.com/lists/oss-security/2019/07/06/4

www.openwall.com/lists/oss-security/2019/10/24/1

www.openwall.com/lists/oss-security/2019/10/29/3

www.securityfocus.com/bid/106976

access.redhat.com/errata/RHSA-2019:0303

access.redhat.com/errata/RHSA-2019:0304

access.redhat.com/errata/RHSA-2019:0401

access.redhat.com/errata/RHSA-2019:0408

access.redhat.com/errata/RHSA-2019:0975

access.redhat.com/security/cve/cve-2019-5736

access.redhat.com/security/vulnerabilities/runcescape

aws.amazon.com/security/security-bulletins/AWS-2019-002/

azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/

azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/

blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html

brauner.github.io/2019/02/12/privileged-containers.html

bugzilla.suse.com/show_bug.cgi?id=1121967

cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc

docs.docker.com/engine/release-notes/

github.com/docker/docker-ce/releases/tag/v18.09.2

github.com/Frichetten/CVE-2019-5736-PoC

github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b

github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d

github.com/opencontainers/runc/compare/dd023c457d84de44fa61e6ff0e0cf6a0edd1005e...6635b4f0c6af3810594d2770f662f34ddc15b40d

github.com/q3k/cve-2019-5736-poc

github.com/rancher/runc-cve

kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/

lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3@%3Cdev.dlab.apache.org%3E

lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706@%3Cuser.mesos.apache.org%3E

lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46@%3Cdev.dlab.apache.org%3E

lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e@%3Cdev.dlab.apache.org%3E

lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c@%3Cdev.mesos.apache.org%3E

lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587@%3Cdev.dlab.apache.org%3E

lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E

lists.fedoraproject.org/archives/list/[email protected]/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/

lists.fedoraproject.org/archives/list/[email protected]/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/

lists.fedoraproject.org/archives/list/[email protected]/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/

lists.fedoraproject.org/archives/list/[email protected]/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/

security.gentoo.org/glsa/202003-21

security.netapp.com/advisory/ntap-20190307-0008/

softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us

support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc

usn.ubuntu.com/4048-1/

www.exploit-db.com/exploits/46359/

www.exploit-db.com/exploits/46369/

www.openwall.com/lists/oss-security/2019/02/11/2

www.synology.com/security/advisory/Synology_SA_19_06

www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/

Malicious Container Execution

References

Related