First published: Thu Jan 10 2019(Updated: )
runc has a vulnerability in the usage of system file descriptors that allows for container escape and access to the host filesystem. An attacker can exploit this by convincing users to run malicious or modified containers on their systems.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
ubuntu/runc | <1.0.0~ | 1.0.0~ |
ubuntu/runc | <1.0.0~ | 1.0.0~ |
ubuntu/runc | <1.0.0~ | 1.0.0~ |
ubuntu/docker.io | <18.06.1-0ubuntu1.2~18.04.1 | 18.06.1-0ubuntu1.2~18.04.1 |
ubuntu/docker.io | <18.06.1-0ubuntu1.2 | 18.06.1-0ubuntu1.2 |
ubuntu/docker.io | <18.06.1-0ubuntu1.2~16.04.1 | 18.06.1-0ubuntu1.2~16.04.1 |
debian/lxc | 1:3.1.0+really3.0.3-8 1:3.1.0+really3.0.3-8+deb10u1 1:4.0.6-2+deb11u2 1:5.0.2-1+deb12u2 1:5.0.3-2 | |
debian/runc | 1.0.0~rc6+dfsg1-3 1.0.0~rc6+dfsg1-3+deb10u3 1.0.0~rc93+ds1-5+deb11u3 1.1.5+ds1-1+deb12u1 1.1.12+ds1-1 | |
Docker Docker | <18.09.2 | |
Linuxfoundation Runc | <=0.1.1 | |
Linuxfoundation Runc | =1.0.0-rc1 | |
Linuxfoundation Runc | =1.0.0-rc2 | |
Linuxfoundation Runc | =1.0.0-rc3 | |
Linuxfoundation Runc | =1.0.0-rc4 | |
Linuxfoundation Runc | =1.0.0-rc5 | |
Linuxfoundation Runc | =1.0.0-rc6 | |
Redhat Container Development Kit | =3.7 | |
Redhat Openshift | =3.4 | |
Redhat Openshift | =3.5 | |
Redhat Openshift | =3.6 | |
Redhat Openshift | =3.7 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux Server | =7.0 | |
Google Kubernetes Engine | ||
Linuxcontainers Lxc | <3.2.0 | |
Hp Onesphere | ||
Netapp Hci Management Node | ||
Netapp Solidfire | ||
Apache Mesos | >=1.4.0<1.4.3 | |
Apache Mesos | >=1.6.0<1.6.2 | |
Apache Mesos | >=1.7.0<1.7.2 | |
openSUSE Backports SLE | =15.0 | |
openSUSE Backports SLE | =15.0-sp1 | |
openSUSE Leap | =15.0 | |
openSUSE Leap | =15.1 | |
openSUSE Leap | =42.3 | |
D2iq Kubernetes Engine | <2.2.0-1.13.3 | |
D2iq Dc\/os | <1.10.10 | |
D2iq Dc\/os | >=1.10.11<1.11.9 | |
D2iq Dc\/os | >=1.11.10<1.12.1 | |
Fedoraproject Fedora | =29 | |
Fedoraproject Fedora | =30 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =18.10 | |
Canonical Ubuntu Linux | =19.04 | |
Microfocus Service Management Automation | =2018.02 | |
Microfocus Service Management Automation | =2018.05 | |
Microfocus Service Management Automation | =2018.08 | |
Microfocus Service Management Automation | =2018.11 |
https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2019-5736.
The affected software includes Docker before version 18.09.2, Linuxfoundation Runc before version 1.0.0-rc6, and other products.
An attacker can exploit this vulnerability by executing a command as root within one of the affected containers to overwrite the host runc binary and gain root access on the host.
The severity rating of this vulnerability is critical with a CVSS score of 8.6.
Yes, you can find more information about this vulnerability in the following references: [Reference 1](https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1520029&action=diff), [Reference 2](https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1520029&action=edit), [Reference 3](https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1520030&action=diff).