Page 2 of 13 results (0.025 seconds)

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. • https://github.com/opencontainers/runc/commit/d04de3a9b72d7a2455c1885fc75eb36d02cd17b5 https://github.com/opencontainers/runc/releases/tag/v1.1.2 https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66 https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVPZBV7ISA7QKRPTC7ZXWKMIQI2HZEBB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D77CKD3AXPMU4PMQIQI5Q74SI4JATNND • CWE-276: Incorrect Default Permissions •

CVSS: 5.9EPSS: 0%CPEs: 7EXPL: 0

Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. • http://www.openwall.com/lists/oss-security/2022/05/12/1 https://github.com/moby/moby/commit/2bbc786e4c59761d722d2d1518cd0a32829bc07f https://github.com/moby/moby/releases/tag/v20.10.14 https://github.com/moby/moby/security/advisories/GHSA-2mm7-x5h6-5pvq https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PMQKCAPK2AR3DCYITJYMMNBEGQBGLCC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5AFKOQ5CE3CEIULWW4FLQKHFFU6FSYG https://lists.fedo • CWE-276: Incorrect Default Permissions CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 1

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. • https://bugs.chromium.org/p/project-zero/issues/detail?id=2241 https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554 https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html http • CWE-190: Integer Overflow or Wraparound •

CVSS: 8.5EPSS: 0%CPEs: 18EXPL: 0

runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition. runc versiones anteriores a 1.0.0-rc95, permite un Container Filesystem Breakout por medio de un Salto de Directorio. Para explotar la vulnerabilidad, un atacante debe ser capaz de crear varios contenedores con una configuración de montaje bastante específica. El problema ocurre por medio de un ataque de intercambio de enlaces simbólicos que se basa en una condición de carrera The runc package is vulnerable to a symlink exchange attack whereby an attacker can request a seemingly innocuous container configuration that results in the host filesystem being bind-mounted into the container. • http://www.openwall.com/lists/oss-security/2021/05/19/2 https://bugzilla.opensuse.org/show_bug.cgi?id=1185405 https://github.com/opencontainers/runc/commit/0ca91f44f1664da834bc61115a849b56d22f595f https://github.com/opencontainers/runc/releases https://github.com/opencontainers/runc/security/advisories/GHSA-c3xm-pvg7-gh7r https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35ZW6NBZSBH5PWIT7JU4HXOXGFVDCOHH https: • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 7.0EPSS: 0%CPEs: 17EXPL: 0

runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.) runc versiones hasta 1.0.0-rc9, posee un Control de Acceso Incorrecto conllevando a una escalada de privilegios, relacionado con el archivo libcontainer/rootfs_linux.go. Para explotar esto, un atacante debe ser capaz de generar dos contenedores con configuraciones de montaje de volumen personalizadas y ser capaz de ejecutar imágenes personalizadas. (Esta vulnerabilidad no afecta a Docker debido a un detalle de implementación que bloquea el ataque). • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00018.html https://access.redhat.com/errata/RHSA-2020:0688 https://access.redhat.com/errata/RHSA-2020:0695 https://github.com/opencontainers/runc/issues/2197 https://github.com/opencontainers/runc/pull/2190 https://github.com/opencontainers/runc/releases https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3S • CWE-41: Improper Resolution of Path Equivalence CWE-706: Use of Incorrectly-Resolved Name or Reference •