Lucene search
Veracode Vulnerability DatabaseVERACODE:4126HistoryMay 03, 2017 - 6:50 a.m.
Privilege Escalation
2017-05-0306:50:10
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
0.0004 Low
EPSS
Percentile
5.1%
github.com/opencontainers/runc is vulnerable to privilege escalation attacks. These attacks are possible because github.com/opencontainers/runc treats a numeric UID as a potential username. This allows local users to gain privileges though a numeric username in the password file. This transitively affects Docker.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/opencontainers/runc | eq | HEAD | |
| github.com/opencontainers/runc | le | 0.0.9 |
References
lists.opensuse.org/opensuse-updates/2016-05/msg00111.html
rhn.redhat.com/errata/RHSA-2016-1034.html
rhn.redhat.com/errata/RHSA-2016-2634.html
github.com/docker/docker/issues/21436
github.com/opencontainers/runc/commit/69af385de62ea68e2e608335cffbb0f4aa3db091
github.com/opencontainers/runc/pull/708
github.com/opencontainers/runc/releases/tag/v0.1.0
security.gentoo.org/glsa/201612-28
Related
nessus
nessus
Fedora 23 : 2:docker (2016-6a0d540088)
2016-07-14 00:00:00
EulerOS 2.0 SP1 : docker (EulerOS-SA-2016-1016)
2017-05-01 00:00:00
RHEL 7 : docker (RHSA-2016:2634)
2016-11-07 00:00:00
redhat
redhat
(RHSA-2016:1034) Moderate: docker security, bug fix, and enhancement update
2016-05-12 14:58:50
(RHSA-2016:2634) Moderate: docker security and bug fix update
2016-11-03 16:46:17
oraclelinux
oraclelinux
docker-engine security update
2016-05-20 00:00:00
openvas
openvas
Fedora Update for docker FEDORA-2016-6a0d540088
2016-06-11 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:1159-1)
2021-06-09 00:00:00
Mageia: Security Advisory (MGASA-2016-0209)
2022-01-28 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: docker-1.10.3-24.gitf476348.fc23
2016-06-10 02:28:43
[SECURITY] Fedora 24 Update: docker-1.10.3-15.gitf476348.fc24
2016-06-18 19:40:15
veracode
veracode
Privilege Escalation
2019-01-15 09:11:32
prion
prion
Default credentials
2016-06-01 20:59:00
Code injection
2018-04-09 16:29:00
mageia
mageia
Updated docker package fixes CVE-2016-3697
2016-05-29 16:55:26
osv
osv
Privilege escalation in github.com/opencontainers/runc
2021-04-14 20:04:52
Privilege Elevation in runc
2021-12-20 18:21:34
CVE-2018-9862
2018-04-09 16:29:00
nvd
nvd
CVE-2016-3697
2016-06-01 20:59:06
CVE-2018-9862
2018-04-09 16:29:00
github
github
Privilege Elevation in runc
2021-12-20 18:21:34
debiancve
debiancve
CVE-2016-3697
2016-06-01 20:59:06
kaspersky
kaspersky
KLA10820 Privilege escalation vulnerability in Docker
2016-06-01 00:00:00
gentoo
gentoo
Docker: Privilege escalation
2016-12-11 00:00:00
ubuntucve
ubuntucve
CVE-2016-3697
2016-06-01 00:00:00
cbl_mariner
cbl_mariner
CVE-2016-3697 affecting package moby-buildx 0.4.1-3
2021-07-08 21:56:42
cvelist
cvelist
CVE-2016-3697
2016-06-01 20:00:00
CVE-2018-9862
2018-04-09 16:00:00
cve
cve
CVE-2016-3697
2016-06-01 20:59:06
CVE-2018-9862
2018-04-09 16:29:00
ibm
ibm