9.3

CVE-2019-5736

Exploit

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.

Data is provided by the National Vulnerability Database (NVD)
DockerDocker Version < 18.09.2
LinuxfoundationRunc Version <= 0.1.1
LinuxfoundationRunc Version1.0.0 Updaterc1
LinuxfoundationRunc Version1.0.0 Updaterc2
LinuxfoundationRunc Version1.0.0 Updaterc3
LinuxfoundationRunc Version1.0.0 Updaterc4
LinuxfoundationRunc Version1.0.0 Updaterc5
LinuxfoundationRunc Version1.0.0 Updaterc6
RedhatOpenshift Version3.4
RedhatOpenshift Version3.5
RedhatOpenshift Version3.6
RedhatOpenshift Version3.7
RedhatEnterprise Linux Version8.0
GoogleKubernetes Engine Version-
LinuxcontainersLxc Version < 3.2.0
HpOnesphere Version-
NetappSolidfire Version-
ApacheMesos Version >= 1.4.0 < 1.4.3
ApacheMesos Version >= 1.5.0 < 1.5.3
ApacheMesos Version >= 1.6.0 < 1.6.2
ApacheMesos Version >= 1.7.0 < 1.7.2
OpensuseBackports Sle Version15.0 Update-
OpensuseBackports Sle Version15.0 Updatesp1
OpensuseLeap Version15.0
OpensuseLeap Version15.1
OpensuseLeap Version42.3
D2iqKubernetes Engine Version < 2.2.0-1.13.3
D2iqDc/os Version < 1.10.10
D2iqDc/os Version >= 1.10.11 < 1.11.9
D2iqDc/os Version >= 1.11.10 < 1.12.1
FedoraprojectFedora Version29
FedoraprojectFedora Version30
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version18.10
CanonicalUbuntu Linux Version19.04
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 53.41% 0.979
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.6 1.8 6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

http://www.securityfocus.com/bid/106976
Third Party Advisory
VDB Entry
https://brauner.github.io/2019/02/12/privileged-containers.html
Third Party Advisory
Exploit
Technical Description
https://bugzilla.suse.com/show_bug.cgi?id=1121967
Patch
Third Party Advisory
Issue Tracking
https://github.com/q3k/cve-2019-5736-poc
Third Party Advisory
Exploit
https://usn.ubuntu.com/4048-1/
Third Party Advisory
https://www.exploit-db.com/exploits/46359/
Third Party Advisory
Exploit
VDB Entry
https://www.exploit-db.com/exploits/46369/
Third Party Advisory
Exploit
VDB Entry
https://www.openwall.com/lists/oss-security/2019/02/11/2
Patch
Third Party Advisory
Mailing List