{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2019-5736", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-04T20:01:52.208Z", "dateReserved": "2019-01-08T00:00:00", "datePublished": "2019-02-11T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-02-02T12:06:25.591627"}, "descriptions": [{"lang": "en", "value": "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d"}, {"name": "RHSA-2019:0408", "tags": ["vendor-advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0408"}, {"url": "https://github.com/rancher/runc-cve"}, {"name": "RHSA-2019:0401", "tags": ["vendor-advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0401"}, {"url": "https://github.com/docker/docker-ce/releases/tag/v18.09.2"}, {"url": "https://www.synology.com/security/advisory/Synology_SA_19_06"}, {"url": "https://security.netapp.com/advisory/ntap-20190307-0008/"}, {"name": "RHSA-2019:0303", "tags": ["vendor-advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0303"}, {"tags": ["vendor-advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc"}, {"url": "https://github.com/q3k/cve-2019-5736-poc"}, {"name": "46359", "tags": ["exploit"], "url": "https://www.exploit-db.com/exploits/46359/"}, {"url": "https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b"}, {"url": "https://aws.amazon.com/security/security-bulletins/AWS-2019-002/"}, {"url": "https://www.openwall.com/lists/oss-security/2019/02/11/2"}, {"url": "https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/"}, {"url": "https://access.redhat.com/security/cve/cve-2019-5736"}, {"name": "46369", "tags": ["exploit"], "url": "https://www.exploit-db.com/exploits/46369/"}, {"name": "RHSA-2019:0304", "tags": ["vendor-advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0304"}, {"url": "https://github.com/Frichetten/CVE-2019-5736-PoC"}, {"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us"}, {"url": "https://brauner.github.io/2019/02/12/privileged-containers.html"}, {"url": "https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/"}, {"url": "https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc"}, {"name": "106976", "tags": ["vdb-entry"], "url": "http://www.securityfocus.com/bid/106976"}, {"url": "https://access.redhat.com/security/vulnerabilities/runcescape"}, {"url": "https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html"}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=1121967"}, {"name": "[mesos-dev] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E"}, {"name": "[mesos-user] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E"}, {"name": "[oss-security] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2019/03/23/1"}, {"url": "https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003"}, {"name": "openSUSE-SU-2019:1079", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html"}, {"name": "openSUSE-SU-2019:1227", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html"}, {"name": "openSUSE-SU-2019:1275", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html"}, {"name": "FEDORA-2019-bc70b381ad", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/"}, {"name": "FEDORA-2019-6174b47003", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/"}, {"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944"}, {"name": "RHSA-2019:0975", "tags": ["vendor-advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0975"}, {"url": "https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/"}, {"url": "https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/"}, {"name": "[dlab-dev] 20190524 [jira] [Created] (DLAB-723) Runc vulnerability CVE-2019-5736", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E"}, {"name": "[dlab-dev] 20190524 [jira] [Updated] (DLAB-723) Runc vulnerability CVE-2019-5736", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E"}, {"name": "openSUSE-SU-2019:1444", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html"}, {"name": "openSUSE-SU-2019:1481", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"}, {"name": "openSUSE-SU-2019:1499", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html"}, {"name": "openSUSE-SU-2019:1506", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html"}, {"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"}, {"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"}, {"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"}, {"name": "USN-4048-1", "tags": ["vendor-advisory"], "url": "https://usn.ubuntu.com/4048-1/"}, {"name": "openSUSE-SU-2019:2021", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html"}, {"name": "FEDORA-2019-2baa1f7b19", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/"}, {"name": "FEDORA-2019-c1dac1b3b8", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/"}, {"name": "[dlab-dev] 20190923 [jira] [Assigned] (DLAB-723) Runc vulnerability CVE-2019-5736", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E"}, {"name": "openSUSE-SU-2019:2245", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html"}, {"name": "openSUSE-SU-2019:2286", "tags": ["vendor-advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html"}, {"name": "[oss-security] 20191023 Membership application for linux-distros - VMware", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"}, {"name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"}, {"name": "GLSA-202003-21", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202003-21"}, {"name": "[dlab-dev] 20200525 [jira] [Deleted] (DLAB-723) Runc vulnerability CVE-2019-5736", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E"}, {"name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"}, {"url": "http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html"}, {"url": "http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html"}, {"name": "[oss-security] 20240201 runc: CVE-2024-21626: high severity container breakout attack", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2024/01/31/6"}, {"name": "[oss-security] 20240201 Re: runc: CVE-2024-21626: high severity container breakout attack", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2024/02/01/1"}, {"name": "[oss-security] 20240202 Re: Re: runc: CVE-2024-21626: high severity container breakout attack", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2024/02/02/3"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}], "datePublic": "2019-02-11T00:00:00"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:01:52.208Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d", "tags": ["x_transferred"]}, {"name": "RHSA-2019:0408", "tags": ["vendor-advisory", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:0408"}, {"url": "https://github.com/rancher/runc-cve", "tags": ["x_transferred"]}, {"name": "RHSA-2019:0401", "tags": ["vendor-advisory", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:0401"}, {"url": "https://github.com/docker/docker-ce/releases/tag/v18.09.2", "tags": ["x_transferred"]}, {"url": "https://www.synology.com/security/advisory/Synology_SA_19_06", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20190307-0008/", "tags": ["x_transferred"]}, {"name": "RHSA-2019:0303", "tags": ["vendor-advisory", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:0303"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc"}, {"url": "https://github.com/q3k/cve-2019-5736-poc", "tags": ["x_transferred"]}, {"name": "46359", "tags": ["exploit", "x_transferred"], "url": "https://www.exploit-db.com/exploits/46359/"}, {"url": "https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b", "tags": ["x_transferred"]}, {"url": "https://aws.amazon.com/security/security-bulletins/AWS-2019-002/", "tags": ["x_transferred"]}, {"url": "https://www.openwall.com/lists/oss-security/2019/02/11/2", "tags": ["x_transferred"]}, {"url": "https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/", "tags": ["x_transferred"]}, {"url": "https://access.redhat.com/security/cve/cve-2019-5736", "tags": ["x_transferred"]}, {"name": "46369", "tags": ["exploit", "x_transferred"], "url": "https://www.exploit-db.com/exploits/46369/"}, {"name": "RHSA-2019:0304", "tags": ["vendor-advisory", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:0304"}, {"url": "https://github.com/Frichetten/CVE-2019-5736-PoC", "tags": ["x_transferred"]}, {"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us", "tags": ["x_transferred"]}, {"url": "https://brauner.github.io/2019/02/12/privileged-containers.html", "tags": ["x_transferred"]}, {"url": "https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/", "tags": ["x_transferred"]}, {"url": "https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc", "tags": ["x_transferred"]}, {"name": "106976", "tags": ["vdb-entry", "x_transferred"], "url": "http://www.securityfocus.com/bid/106976"}, {"url": "https://access.redhat.com/security/vulnerabilities/runcescape", "tags": ["x_transferred"]}, {"url": "https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html", "tags": ["x_transferred"]}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=1121967", "tags": ["x_transferred"]}, {"name": "[mesos-dev] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E"}, {"name": "[mesos-user] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E"}, {"name": "[oss-security] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/03/23/1"}, {"url": "https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003", "tags": ["x_transferred"]}, {"name": "openSUSE-SU-2019:1079", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html"}, {"name": "openSUSE-SU-2019:1227", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html"}, {"name": "openSUSE-SU-2019:1275", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html"}, {"name": "FEDORA-2019-bc70b381ad", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/"}, {"name": "FEDORA-2019-6174b47003", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/"}, {"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944", "tags": ["x_transferred"]}, {"name": "RHSA-2019:0975", "tags": ["vendor-advisory", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:0975"}, {"url": "https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/", "tags": ["x_transferred"]}, {"url": "https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/", "tags": ["x_transferred"]}, {"name": "[dlab-dev] 20190524 [jira] [Created] (DLAB-723) Runc vulnerability CVE-2019-5736", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E"}, {"name": "[dlab-dev] 20190524 [jira] [Updated] (DLAB-723) Runc vulnerability CVE-2019-5736", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E"}, {"name": "openSUSE-SU-2019:1444", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html"}, {"name": "openSUSE-SU-2019:1481", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"}, {"name": "openSUSE-SU-2019:1499", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html"}, {"name": "openSUSE-SU-2019:1506", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html"}, {"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"}, {"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"}, {"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"}, {"name": "USN-4048-1", "tags": ["vendor-advisory", "x_transferred"], "url": "https://usn.ubuntu.com/4048-1/"}, {"name": "openSUSE-SU-2019:2021", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html"}, {"name": "FEDORA-2019-2baa1f7b19", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/"}, {"name": "FEDORA-2019-c1dac1b3b8", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/"}, {"name": "[dlab-dev] 20190923 [jira] [Assigned] (DLAB-723) Runc vulnerability CVE-2019-5736", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E"}, {"name": "openSUSE-SU-2019:2245", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html"}, {"name": "openSUSE-SU-2019:2286", "tags": ["vendor-advisory", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html"}, {"name": "[oss-security] 20191023 Membership application for linux-distros - VMware", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"}, {"name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"}, {"name": "GLSA-202003-21", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202003-21"}, {"name": "[dlab-dev] 20200525 [jira] [Deleted] (DLAB-723) Runc vulnerability CVE-2019-5736", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E"}, {"name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"}, {"url": "http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html", "tags": ["x_transferred"]}, {"name": "[oss-security] 20240201 runc: CVE-2024-21626: high severity container breakout attack", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2024/01/31/6"}, {"name": "[oss-security] 20240201 Re: runc: CVE-2024-21626: high severity container breakout attack", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2024/02/01/1"}, {"name": "[oss-security] 20240202 Re: Re: runc: CVE-2024-21626: high severity container breakout attack", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2024/02/02/3"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*", "matchCriteriaId": "A367C4FA-18DF-402F-B120-254B35F73BD1", "versionEndExcluding": "18.09.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*", "matchCriteriaId": "D522E8C1-E7F0-4A3D-AF68-6D962944A0E5", "versionEndIncluding": "0.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "949172CC-EBB5-47F6-B987-207C802EED0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "F6D87B50-2849-4F4D-A0F9-4F7EBA3C2647", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "3E580E25-F94C-4DA4-8718-15D5F1C3ADAF", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "FD565CE0-D9E9-4FD9-8998-8AC55030FAB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "093326B1-448C-4E3B-886D-CAC8B6813BFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "F672C421-789D-4F21-B483-DA3EB251BA1D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:container_development_kit:3.7:*:*:*:*:*:*:*", "matchCriteriaId": "48FAFDE5-1E73-4874-8F2E-3C74B1955096", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "785C0A0D-5FF3-43D5-B89F-DCB2D6FDE310", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "E9955945-7509-4542-BF83-B7BA0B4D8D05", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift:3.6:*:*:*:*:*:*:*", "matchCriteriaId": "A52F7AE1-754D-4EE1-8EC1-7765292B4C2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift:3.7:*:*:*:*:*:*:*", "matchCriteriaId": "55349BC5-90EC-4954-8CEB-3C37D34742C4", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:kubernetes_engine:-:*:*:*:*:*:*:*", "matchCriteriaId": "3C2EB454-D0C9-47FC-B727-1D61A8811967", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*", "matchCriteriaId": "1AF77BB2-6F7A-408A-9F54-60F1F53B3709", "versionEndExcluding": "3.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:onesphere:-:*:*:*:*:*:*:*", "matchCriteriaId": "41FF9E5A-7BD1-477E-9875-8525FD87B13F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA0695E0-954A-4533-9D93-58257E9EA6D5", "versionEndExcluding": "1.4.3", "versionStartIncluding": "1.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*", "matchCriteriaId": "B51B8DF0-FCE4-42A7-A582-0476226C6188", "versionEndExcluding": "1.5.3", "versionStartIncluding": "1.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*", "matchCriteriaId": "01878119-E05A-469B-B49D-5D19082CED28", "versionEndExcluding": "1.6.2", "versionStartIncluding": "1.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*", "matchCriteriaId": "1AB1BB7C-46A1-4676-9D15-D75EC1E4594C", "versionEndExcluding": "1.7.2", "versionStartIncluding": "1.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*", "matchCriteriaId": "D83DA865-E4A6-4FBF-AA1B-A969EBA6B2AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "40513095-7E6E-46B3-B604-C926F1BA3568", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:d2iq:kubernetes_engine:*:*:*:*:*:*:*:*", "matchCriteriaId": "632B24FA-F2D6-42B0-87C7-7F142E15EFC7", "versionEndExcluding": "2.2.0-1.13.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:d2iq:dc\\/os:*:*:*:*:*:*:*:*", "matchCriteriaId": "0AD20FA7-737F-47C0-B2AC-735438253AA9", "versionEndExcluding": "1.10.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:d2iq:dc\\/os:*:*:*:*:*:*:*:*", "matchCriteriaId": "5E5AE03E-3AC4-4439-9D0D-45E097B2552C", "versionEndExcluding": "1.11.9", "versionStartIncluding": "1.10.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:d2iq:dc\\/os:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2F3078E-08E0-4C76-A7A3-A93B953BEDD5", "versionEndExcluding": "1.12.1", "versionStartIncluding": "1.11.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:service_management_automation:2018.02:*:*:*:*:*:*:*", "matchCriteriaId": "2DCFB2E7-D769-4365-9B99-952907563749", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:service_management_automation:2018.05:*:*:*:*:*:*:*", "matchCriteriaId": "3909E337-F1FC-45C8-A120-EEBDBFB0E4D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:service_management_automation:2018.08:*:*:*:*:*:*:*", "matchCriteriaId": "934D6CB3-E159-40F4-8E5B-CDDDD824CAA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:service_management_automation:2018.11:*:*:*:*:*:*:*", "matchCriteriaId": "82C0FD9D-6117-40DE-9386-7327867F9615", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe."}, {"lang": "es", "value": "runc, hasta la versi\u00f3n 1.0-rc6, tal y como se emplea en Docker, en versiones anteriores a la 18.09.2 y otros productos, permite que los atacantes sobrescriban el binario del host runc (y, as\u00ed, obtengan acceso root al host) aprovechando la capacidad para ejecutar un comando como root con uno de estos tipos de contenedores: (1) un nuevo contenedor con una imagen controlada por el atacante o (2) un contenedor existente, para el cual el atacante contaba previamente con acceso de escritura, que puede adjuntarse con docker exec. Esto ocurre debido a la gesti\u00f3n incorrecta del descriptor de archivos; esto est\u00e1 relacionado con /proc/self/exe."}], "id": "CVE-2019-5736", "lastModified": "2024-02-02T12:15:48.367", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-02-11T19:29:00.297", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/03/23/1"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2024/01/31/6"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2024/02/01/1"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2024/02/02/3"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106976"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0303"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0304"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0401"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0408"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0975"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/cve-2019-5736"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/vulnerabilities/runcescape"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://aws.amazon.com/security/security-bulletins/AWS-2019-002/"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory", "Vendor Advisory"], "url": "https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory", "Vendor Advisory"], "url": "https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "url": "https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://brauner.github.io/2019/02/12/privileged-containers.html"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1121967"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/Frichetten/CVE-2019-5736-PoC"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/docker/docker-ce/releases/tag/v18.09.2"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/q3k/cve-2019-5736-poc"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/rancher/runc-cve"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202003-21"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190307-0008/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944"}, {"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4048-1/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46359/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46369/"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2019/02/11/2"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.synology.com/security/advisory/Synology_SA_19_06"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Open Containers Security Team for reporting this issue. Upstream acknowledges Adam Iwaniuk and Borys Pop\u0142awski as the original reporters.", "affected_release": [{"advisory": "RHSA-2019:0401", "cpe": "cpe:/a:redhat:container_development_kit:3.7", "product_name": "Other", "release_date": "2019-02-25T00:00:00Z"}, {"advisory": "RHSA-2019:0303", "cpe": "cpe:/a:redhat:rhel_extras_other:7", "package": "runc-0:1.0.0-59.dev.git2abd837.el7", "product_name": "Red Hat Enterprise Linux 7 Extras", "release_date": "2019-02-11T00:00:00Z"}, {"advisory": "RHSA-2019:0304", "cpe": "cpe:/a:redhat:rhel_extras_other:7", "package": "docker-2:1.13.1-91.git07f3374.el7", "product_name": "Red Hat Enterprise Linux 7 Extras", "release_date": "2019-02-11T00:00:00Z"}, {"advisory": "RHSA-2019:0975", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "container-tools:rhel8-8000020190416221845.2ffa3d27", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-05-07T00:00:00Z"}, {"advisory": "RHSA-2019:0408", "cpe": "cpe:/a:redhat:openshift:3.4::el7", "package": "docker-2:1.12.6-79.git5680db5.el7", "product_name": "Red Hat OpenShift Container Platform 3.4", "release_date": "2019-02-26T00:00:00Z"}, {"advisory": "RHSA-2019:0408", "cpe": "cpe:/a:redhat:openshift:3.5::el7", "package": "docker-2:1.12.6-79.git5680db5.el7", "product_name": "Red Hat OpenShift Container Platform 3.5", "release_date": "2019-02-26T00:00:00Z"}, {"advisory": "RHSA-2019:0408", "cpe": "cpe:/a:redhat:openshift:3.6::el7", "package": "docker-2:1.12.6-79.git5680db5.el7", "product_name": "Red Hat OpenShift Container Platform 3.6", "release_date": "2019-02-26T00:00:00Z"}, {"advisory": "RHSA-2019:0408", "cpe": "cpe:/a:redhat:openshift:3.7::el7", "package": "docker-2:1.12.6-79.git5680db5.el7", "product_name": "Red Hat OpenShift Container Platform 3.7", "release_date": "2019-02-26T00:00:00Z"}], "bugzilla": {"description": "runc: Execution of malicious containers allows for container escape and access to host filesystem", "id": "1664908", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1664908"}, "csaw": true, "cvss3": {"cvss3_base_score": "7.7", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-672", "details": ["runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.", "A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system."], "mitigation": {"lang": "en:us", "value": "This vulnerability is mitigated on Red Hat Enterprise Linux 7 if SELinux is in enforcing mode. SELinux in enforcing mode is a pre-requisite for OpenShift Container Platform 3.x."}, "name": "CVE-2019-5736", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "docker-latest", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:1.0/runc", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:rhel_atomic:7", "fix_state": "Not affected", "package_name": "docker", "product_name": "Red Hat Enterprise Linux Atomic Host 7"}, {"cpe": "cpe:/a:redhat:rhel_atomic:7", "fix_state": "Not affected", "package_name": "runc", "product_name": "Red Hat Enterprise Linux Atomic Host 7"}, {"cpe": "cpe:/a:redhat:openshift:3.9", "fix_state": "Will not fix", "package_name": "runc", "product_name": "Red Hat OpenShift Container Platform 3.9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "runc", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2019-02-11T13:22:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-5736\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-5736\nhttps://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html\nhttps://seclists.org/oss-sec/2019/q1/119"], "statement": "The 'docker' package shipped in Red Hat Enterprise Linux 7 Extras bundles 'runc' since 'docker' starting from version 1.12. Both the 'docker' and 'runc' packages are affected by this issue.\nThe 'docker-latest' package is deprecated as of Red Hat Enterprise Linux 7.5. Customers using this package should update to the latest 'docker' package shipped in Red Hat Enterprise Linux 7 Extras.\nOpenShift Container Platform (OCP) versions 3.9 and later use 'docker' version 1.13 in the default configuration but can be configured to use CRI-O as an alternative, which depends on the 'runc' package. OCP versions 3.9 and later should use the updated 'docker' and 'runc' packages shipped in Red Hat Enterprise Linux 7 Extras.\nOCP versions 3.4 through 3.7 originally used 'docker' version 1.12 from the Red Hat Enterprise Linux 7 Extras channel. An updated version of 'docker' 1.12 has been delivered to the RPM channels for OCP versions 3.4 through 3.7.\nOCP version 3.9 previously shipped a version of 'runc' in it's RPM repository. OCP 3.9 clusters using CRI-O should update 'runc' from the Red Hat Enterprise Linux 7 Extras channel.\nRed Hat Enterprise Linux Atomic Host 7 is not affected by this vulnerability as the target runc binaries are stored on a read-only filesystem and cannot be overwritten.", "threat_severity": "Important", "upstream_fix": "runc v1.0.0-rc7"}