CVE-2019-5736
runc < 1.0-rc6 (Docker < 18.09.2) - Container Breakout
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
21Exploited in Wild
-Decision
Descriptions
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
runc, hasta la versión 1.0-rc6, tal y como se emplea en Docker, en versiones anteriores a la 18.09.2 y otros productos, permite que los atacantes sobrescriban el binario del host runc (y, así, obtengan acceso root al host) aprovechando la capacidad para ejecutar un comando como root con uno de estos tipos de contenedores: (1) un nuevo contenedor con una imagen controlada por el atacante o (2) un contenedor existente, para el cual el atacante contaba previamente con acceso de escritura, que puede adjuntarse con docker exec. Esto ocurre debido a la gestión incorrecta del descriptor de archivos; esto está relacionado con /proc/self/exe.
A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-01-08 CVE Reserved
- 2019-02-11 CVE Published
- 2019-02-14 First Exploit
- 2024-07-25 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
- CWE-672: Operation on a Resource after Expiration or Release
CAPEC
References (82)
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Docker Search vendor "Docker" | Docker Search vendor "Docker" for product "Docker" | < 18.09.2 Search vendor "Docker" for product "Docker" and version " < 18.09.2" | - |
Affected
| ||||||
Linuxfoundation Search vendor "Linuxfoundation" | Runc Search vendor "Linuxfoundation" for product "Runc" | <= 0.1.1 Search vendor "Linuxfoundation" for product "Runc" and version " <= 0.1.1" | - |
Affected
| ||||||
Linuxfoundation Search vendor "Linuxfoundation" | Runc Search vendor "Linuxfoundation" for product "Runc" | 1.0.0 Search vendor "Linuxfoundation" for product "Runc" and version "1.0.0" | rc1 |
Affected
| ||||||
Linuxfoundation Search vendor "Linuxfoundation" | Runc Search vendor "Linuxfoundation" for product "Runc" | 1.0.0 Search vendor "Linuxfoundation" for product "Runc" and version "1.0.0" | rc2 |
Affected
| ||||||
Linuxfoundation Search vendor "Linuxfoundation" | Runc Search vendor "Linuxfoundation" for product "Runc" | 1.0.0 Search vendor "Linuxfoundation" for product "Runc" and version "1.0.0" | rc3 |
Affected
| ||||||
Linuxfoundation Search vendor "Linuxfoundation" | Runc Search vendor "Linuxfoundation" for product "Runc" | 1.0.0 Search vendor "Linuxfoundation" for product "Runc" and version "1.0.0" | rc4 |
Affected
| ||||||
Linuxfoundation Search vendor "Linuxfoundation" | Runc Search vendor "Linuxfoundation" for product "Runc" | 1.0.0 Search vendor "Linuxfoundation" for product "Runc" and version "1.0.0" | rc5 |
Affected
| ||||||
Linuxfoundation Search vendor "Linuxfoundation" | Runc Search vendor "Linuxfoundation" for product "Runc" | 1.0.0 Search vendor "Linuxfoundation" for product "Runc" and version "1.0.0" | rc6 |
Affected
| ||||||
Redhat Search vendor "Redhat" | Container Development Kit Search vendor "Redhat" for product "Container Development Kit" | 3.7 Search vendor "Redhat" for product "Container Development Kit" and version "3.7" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openshift Search vendor "Redhat" for product "Openshift" | 3.4 Search vendor "Redhat" for product "Openshift" and version "3.4" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openshift Search vendor "Redhat" for product "Openshift" | 3.5 Search vendor "Redhat" for product "Openshift" and version "3.5" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openshift Search vendor "Redhat" for product "Openshift" | 3.6 Search vendor "Redhat" for product "Openshift" and version "3.6" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openshift Search vendor "Redhat" for product "Openshift" | 3.7 Search vendor "Redhat" for product "Openshift" and version "3.7" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
Google Search vendor "Google" | Kubernetes Engine Search vendor "Google" for product "Kubernetes Engine" | - | - |
Affected
| ||||||
Linuxcontainers Search vendor "Linuxcontainers" | Lxc Search vendor "Linuxcontainers" for product "Lxc" | < 3.2.0 Search vendor "Linuxcontainers" for product "Lxc" and version " < 3.2.0" | - |
Affected
| ||||||
Hp Search vendor "Hp" | Onesphere Search vendor "Hp" for product "Onesphere" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Hci Management Node Search vendor "Netapp" for product "Hci Management Node" | - | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Solidfire Search vendor "Netapp" for product "Solidfire" | - | - |
Affected
| ||||||
Apache Search vendor "Apache" | Mesos Search vendor "Apache" for product "Mesos" | >= 1.4.0 < 1.4.3 Search vendor "Apache" for product "Mesos" and version " >= 1.4.0 < 1.4.3" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Mesos Search vendor "Apache" for product "Mesos" | >= 1.5.0 < 1.5.3 Search vendor "Apache" for product "Mesos" and version " >= 1.5.0 < 1.5.3" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Mesos Search vendor "Apache" for product "Mesos" | >= 1.6.0 < 1.6.2 Search vendor "Apache" for product "Mesos" and version " >= 1.6.0 < 1.6.2" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Mesos Search vendor "Apache" for product "Mesos" | >= 1.7.0 < 1.7.2 Search vendor "Apache" for product "Mesos" and version " >= 1.7.0 < 1.7.2" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Backports Sle Search vendor "Opensuse" for product "Backports Sle" | 15.0 Search vendor "Opensuse" for product "Backports Sle" and version "15.0" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Backports Sle Search vendor "Opensuse" for product "Backports Sle" | 15.0 Search vendor "Opensuse" for product "Backports Sle" and version "15.0" | sp1 |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.0 Search vendor "Opensuse" for product "Leap" and version "15.0" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 42.3 Search vendor "Opensuse" for product "Leap" and version "42.3" | - |
Affected
| ||||||
D2iq Search vendor "D2iq" | Kubernetes Engine Search vendor "D2iq" for product "Kubernetes Engine" | < 2.2.0-1.13.3 Search vendor "D2iq" for product "Kubernetes Engine" and version " < 2.2.0-1.13.3" | - |
Affected
| ||||||
D2iq Search vendor "D2iq" | Dc\/os Search vendor "D2iq" for product "Dc\/os" | < 1.10.10 Search vendor "D2iq" for product "Dc\/os" and version " < 1.10.10" | - |
Affected
| ||||||
D2iq Search vendor "D2iq" | Dc\/os Search vendor "D2iq" for product "Dc\/os" | >= 1.10.11 < 1.11.9 Search vendor "D2iq" for product "Dc\/os" and version " >= 1.10.11 < 1.11.9" | - |
Affected
| ||||||
D2iq Search vendor "D2iq" | Dc\/os Search vendor "D2iq" for product "Dc\/os" | >= 1.11.10 < 1.12.1 Search vendor "D2iq" for product "Dc\/os" and version " >= 1.11.10 < 1.12.1" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 29 Search vendor "Fedoraproject" for product "Fedora" and version "29" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 30 Search vendor "Fedoraproject" for product "Fedora" and version "30" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.10" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 19.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.04" | - |
Affected
| ||||||
Microfocus Search vendor "Microfocus" | Service Management Automation Search vendor "Microfocus" for product "Service Management Automation" | 2018.02 Search vendor "Microfocus" for product "Service Management Automation" and version "2018.02" | - |
Affected
| ||||||
Microfocus Search vendor "Microfocus" | Service Management Automation Search vendor "Microfocus" for product "Service Management Automation" | 2018.05 Search vendor "Microfocus" for product "Service Management Automation" and version "2018.05" | - |
Affected
| ||||||
Microfocus Search vendor "Microfocus" | Service Management Automation Search vendor "Microfocus" for product "Service Management Automation" | 2018.08 Search vendor "Microfocus" for product "Service Management Automation" and version "2018.08" | - |
Affected
| ||||||
Microfocus Search vendor "Microfocus" | Service Management Automation Search vendor "Microfocus" for product "Service Management Automation" | 2018.11 Search vendor "Microfocus" for product "Service Management Automation" and version "2018.11" | - |
Affected
|