CVE-2019-5736: OS Command Injection
First published: Thu Jan 10 2019(Updated: )
Last updated 24 July 2024
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/lxc | 1:4.0.6-2+deb11u2 1:5.0.2-1+deb12u3 1:6.0.3-1 | |
| debian/runc | 1.0.0~rc93+ds1-5+deb11u5 1.0.0~rc93+ds1-5+deb11u3 1.1.5+ds1-1+deb12u1 1.1.15+ds1-1 | |
| Docker | <18.09.2 | |
| runc | <=0.1.1 | |
| runc | =1.0.0-rc1 | |
| runc | =1.0.0-rc2 | |
| runc | =1.0.0-rc3 | |
| runc | =1.0.0-rc4 | |
| runc | =1.0.0-rc5 | |
| runc | =1.0.0-rc6 | |
| redhat container development kit | =3.7 | |
| Red Hat OpenShift | =3.4 | |
| Red Hat OpenShift | =3.5 | |
| Red Hat OpenShift | =3.6 | |
| Red Hat OpenShift | =3.7 | |
| Red Hat Enterprise Linux | =8.0 | |
| redhat enterprise Linux server | =7.0 | |
| Google Kubernetes Engine | ||
| linuxcontainers lxc | <3.2.0 | |
| hp onesphere | ||
| netapp hci management node | ||
| netapp solidfire | ||
| Apache Mesos | >=1.4.0<1.4.3 | |
| Apache Mesos | >=1.6.0<1.6.2 | |
| Apache Mesos | >=1.7.0<1.7.2 | |
| openSUSE Backports | =15.0 | |
| openSUSE Backports | =15.0-sp1 | |
| openSUSE | =15.0 | |
| openSUSE | =15.1 | |
| openSUSE | =42.3 | |
| d2iq kubernetes engine | <2.2.0-1.13.3 | |
| d2iq dc\/os | <1.10.10 | |
| d2iq dc\/os | >=1.10.11<1.11.9 | |
| d2iq dc\/os | >=1.11.10<1.12.1 | |
| Fedora | =29 | |
| Fedora | =30 | |
| Ubuntu | =16.04 | |
| Ubuntu | =18.04 | |
| Ubuntu | =18.10 | |
| Ubuntu | =19.04 | |
| microfocus service management automation | =2018.02 | |
| microfocus service management automation | =2018.05 | |
| microfocus service management automation | =2018.08 | |
| microfocus service management automation | =2018.11 |
Remedy
https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1520029&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1520029&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1520030&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1520030&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1674489
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1674490
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1674491
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1674493
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1674492
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1674488
- https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b
- https://github.com/lxc/lxc/commit/6400238d08cdf1ca20d49bafb85f4e224348bf9d
- https://access.redhat.com/errata/RHSA-2019:0303
- https://access.redhat.com/errata/RHSA-2019:0304
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1676798
- https://access.redhat.com/security/vulnerabilities/runcescape
- https://seclists.org/oss-sec/2019/q1/119
- https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html
- https://access.redhat.com/errata/RHSA-2019:0401
- https://access.redhat.com/errata/RHSA-2019:0408
- https://access.redhat.com/errata/RHSA-2019:0975
- https://bugzilla.redhat.com/show_bug.cgi?id=1664908
- https://access.redhat.com/security/cve/cve-2019-5736
- https://aws.amazon.com/security/security-bulletins/AWS-2019-002/
- https://brauner.github.io/2019/02/12/privileged-containers.html
- https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc
- https://github.com/docker/docker-ce/releases/tag/v18.09.2
- https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d
- https://github.com/rancher/runc-cve
- https://www.openwall.com/lists/oss-security/2019/02/11/2
- https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/
- https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/
- http://www.securityfocus.com/bid/106976
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc
- https://security.netapp.com/advisory/ntap-20190307-0008/
- https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us
- https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003
- https://www.synology.com/security/advisory/Synology_SA_19_06
- https://www.exploit-db.com/exploits/46359/
- https://www.exploit-db.com/exploits/46369/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/
- https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/
- https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/
- https://bugzilla.suse.com/show_bug.cgi?id=1121967
- https://github.com/Frichetten/CVE-2019-5736-PoC
- https://github.com/q3k/cve-2019-5736-poc
- https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e@%3Cdev.dlab.apache.org%3E
- https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46@%3Cdev.dlab.apache.org%3E
- https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c@%3Cdev.mesos.apache.org%3E
- https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706@%3Cuser.mesos.apache.org%3E
- http://www.openwall.com/lists/oss-security/2019/03/23/1
- http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html
- http://www.openwall.com/lists/oss-security/2019/06/28/2
- http://www.openwall.com/lists/oss-security/2019/07/06/3
- http://www.openwall.com/lists/oss-security/2019/07/06/4
- https://usn.ubuntu.com/4048-1/
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/
- https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3@%3Cdev.dlab.apache.org%3E
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html
- http://www.openwall.com/lists/oss-security/2019/10/24/1
- http://www.openwall.com/lists/oss-security/2019/10/29/3
- https://security.gentoo.org/glsa/202003-21
- https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587@%3Cdev.dlab.apache.org%3E
- https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
- http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html
- http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html
- http://www.openwall.com/lists/oss-security/2024/02/01/1
- http://www.openwall.com/lists/oss-security/2024/01/31/6
- http://www.openwall.com/lists/oss-security/2024/02/02/3
- https://launchpad.net/bugs/cve/CVE-2019-5736
- https://security-tracker.debian.org/tracker/CVE-2019-5736
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us
- https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E
- https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E
- https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E
- https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E
- https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E
- https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E
- https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/
- https://www.cve.org/CVERecord?id=CVE-2019-5736
- https://nvd.nist.gov/vuln/detail/CVE-2019-5736
- https://ubuntu.com/security/CVE-2019-5736
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2019-5736.
What is the affected software?
The affected software includes Docker before version 18.09.2, Linuxfoundation Runc before version 1.0.0-rc6, and other products.
How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability by executing a command as root within one of the affected containers to overwrite the host runc binary and gain root access on the host.
What is the severity rating of this vulnerability?
The severity rating of this vulnerability is critical with a CVSS score of 8.6.
Are there any references related to this vulnerability?
Yes, you can find more information about this vulnerability in the following references: [Reference 1](https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1520029&action=diff), [Reference 2](https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1520029&action=edit), [Reference 3](https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1520030&action=diff).
- agent/type
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-5736
- agent/weakness
- agent/remedy
- agent/severity
- agent/first-publish-date
- agent/author
- collector/launchpad-cve
- source/Launchpad
- collector/mitre-cve
- source/MITRE
- agent/references
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/last-modified-date
- agent/event
- agent/trending
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-cve
- collector/nvd-index
- package-manager/debian
- vendor/docker
- canonical/docker
- vendor/linuxfoundation
- canonical/runc
- version/runc/0.1.1
- version/runc/1.0.0-rc1
- version/runc/1.0.0-rc2
- version/runc/1.0.0-rc3
- version/runc/1.0.0-rc4
- version/runc/1.0.0-rc5
- version/runc/1.0.0-rc6
- vendor/redhat
- canonical/redhat container development kit
- version/redhat container development kit/3.7
- canonical/red hat openshift
- version/red hat openshift/3.4
- version/red hat openshift/3.5
- version/red hat openshift/3.6
- version/red hat openshift/3.7
- canonical/red hat enterprise linux
- version/red hat enterprise linux/8.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/7.0
- vendor/google
- canonical/google kubernetes engine
- vendor/linuxcontainers
- canonical/linuxcontainers lxc
- vendor/hp
- canonical/hp onesphere
- vendor/netapp
- canonical/netapp hci management node
- canonical/netapp solidfire
- vendor/apache
- canonical/apache mesos
- version/apache mesos/1.4.0
- version/apache mesos/1.5.0
- version/apache mesos/1.6.0
- version/apache mesos/1.7.0
- vendor/opensuse
- canonical/opensuse backports
- version/opensuse backports/15.0
- version/opensuse backports/15.0-sp1
- canonical/opensuse
- version/opensuse/15.0
- version/opensuse/15.1
- version/opensuse/42.3
- vendor/d2iq
- canonical/d2iq kubernetes engine
- canonical/d2iq dc\/os
- version/d2iq dc\/os/1.10.11
- version/d2iq dc\/os/1.11.10
- vendor/fedoraproject
- canonical/fedora
- version/fedora/29
- version/fedora/30
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/16.04
- version/ubuntu/18.04
- version/ubuntu/18.10
- version/ubuntu/19.04
- vendor/microfocus
- canonical/microfocus service management automation
- version/microfocus service management automation/2018.02
- version/microfocus service management automation/2018.05
- version/microfocus service management automation/2018.08
- version/microfocus service management automation/2018.11