CVE-2019-5736: OS Command Injection
First published: Thu Jan 10 2019(Updated: )
Last updated 24 July 2024
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/lxc | 1:4.0.6-2+deb11u2 1:5.0.2-1+deb12u3 1:6.0.3-1 | |
| debian/runc | 1.0.0~rc93+ds1-5+deb11u5 1.0.0~rc93+ds1-5+deb11u3 1.1.5+ds1-1+deb12u1 1.1.15+ds1-1 | |
| Python Docker | <18.09.2 | |
| runc | <=0.1.1 | |
| runc | =1.0.0-rc1 | |
| runc | =1.0.0-rc2 | |
| runc | =1.0.0-rc3 | |
| runc | =1.0.0-rc4 | |
| runc | =1.0.0-rc5 | |
| runc | =1.0.0-rc6 | |
| Red Hat Container Development Kit | =3.7 | |
| Red Hat OpenShift | =3.4 | |
| Red Hat OpenShift | =3.5 | |
| Red Hat OpenShift | =3.6 | |
| Red Hat OpenShift | =3.7 | |
| Red Hat Enterprise Linux | =8.0 | |
| Red Hat Enterprise Linux Server | =7.0 | |
| Google Kubernetes Engine | ||
| Linux Containers (LXC) | <3.2.0 | |
| HP OneSphere | ||
| NetApp SolidFire & HCI Management Node | ||
| NetApp SolidFire & HCI Storage Node | ||
| Apache Mesos | >=1.4.0<1.4.3 | |
| Apache Mesos | >=1.6.0<1.6.2 | |
| Apache Mesos | >=1.7.0<1.7.2 | |
| openSUSE Backports | =15.0 | |
| openSUSE Backports | =15.0-sp1 | |
| SUSE Linux | =15.0 | |
| SUSE Linux | =15.1 | |
| SUSE Linux | =42.3 | |
| D2iQ Kubernetes Engine | <2.2.0-1.13.3 | |
| D2iQ DC/OS | <1.10.10 | |
| D2iQ DC/OS | >=1.10.11<1.11.9 | |
| D2iQ DC/OS | >=1.11.10<1.12.1 | |
| Red Hat Fedora | =29 | |
| Red Hat Fedora | =30 | |
| Ubuntu | =16.04 | |
| Ubuntu | =18.04 | |
| Ubuntu | =18.10 | |
| Ubuntu | =19.04 | |
| Micro Focus Service Management Automation | =2018.02 | |
| Micro Focus Service Management Automation | =2018.05 | |
| Micro Focus Service Management Automation | =2018.08 | |
| Micro Focus Service Management Automation | =2018.11 |
Remedy
https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1520029&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1520029&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1520030&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1520030&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1674489
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1674490
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1674491
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1674493
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1674492
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1674488
- https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b
- https://github.com/lxc/lxc/commit/6400238d08cdf1ca20d49bafb85f4e224348bf9d
- https://access.redhat.com/errata/RHSA-2019:0303
- https://access.redhat.com/errata/RHSA-2019:0304
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1676798
- https://access.redhat.com/security/vulnerabilities/runcescape
- https://seclists.org/oss-sec/2019/q1/119
- https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html
- https://access.redhat.com/errata/RHSA-2019:0401
- https://access.redhat.com/errata/RHSA-2019:0408
- https://access.redhat.com/errata/RHSA-2019:0975
- https://bugzilla.redhat.com/show_bug.cgi?id=1664908
- https://access.redhat.com/security/cve/cve-2019-5736
- https://aws.amazon.com/security/security-bulletins/AWS-2019-002/
- https://brauner.github.io/2019/02/12/privileged-containers.html
- https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc
- https://github.com/docker/docker-ce/releases/tag/v18.09.2
- https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d
- https://github.com/rancher/runc-cve
- https://www.openwall.com/lists/oss-security/2019/02/11/2
- https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/
- https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/
- http://www.securityfocus.com/bid/106976
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc
- https://security.netapp.com/advisory/ntap-20190307-0008/
- https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us
- https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003
- https://www.synology.com/security/advisory/Synology_SA_19_06
- https://www.exploit-db.com/exploits/46359/
- https://www.exploit-db.com/exploits/46369/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/
- https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/
- https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/
- https://bugzilla.suse.com/show_bug.cgi?id=1121967
- https://github.com/Frichetten/CVE-2019-5736-PoC
- https://github.com/q3k/cve-2019-5736-poc
- https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e@%3Cdev.dlab.apache.org%3E
- https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46@%3Cdev.dlab.apache.org%3E
- https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c@%3Cdev.mesos.apache.org%3E
- https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706@%3Cuser.mesos.apache.org%3E
- http://www.openwall.com/lists/oss-security/2019/03/23/1
- http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html
- http://www.openwall.com/lists/oss-security/2019/06/28/2
- http://www.openwall.com/lists/oss-security/2019/07/06/3
- http://www.openwall.com/lists/oss-security/2019/07/06/4
- https://usn.ubuntu.com/4048-1/
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/
- https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3@%3Cdev.dlab.apache.org%3E
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html
- http://www.openwall.com/lists/oss-security/2019/10/24/1
- http://www.openwall.com/lists/oss-security/2019/10/29/3
- https://security.gentoo.org/glsa/202003-21
- https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587@%3Cdev.dlab.apache.org%3E
- https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
- http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html
- http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html
- http://www.openwall.com/lists/oss-security/2024/02/01/1
- http://www.openwall.com/lists/oss-security/2024/01/31/6
- http://www.openwall.com/lists/oss-security/2024/02/02/3
- https://launchpad.net/bugs/cve/CVE-2019-5736
- https://security-tracker.debian.org/tracker/CVE-2019-5736
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us
- https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E
- https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E
- https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E
- https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E
- https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E
- https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E
- https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/
- https://www.cve.org/CVERecord?id=CVE-2019-5736
- https://nvd.nist.gov/vuln/detail/CVE-2019-5736
- https://ubuntu.com/security/CVE-2019-5736
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2019-5736.
What is the affected software?
The affected software includes Docker before version 18.09.2, Linuxfoundation Runc before version 1.0.0-rc6, and other products.
How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability by executing a command as root within one of the affected containers to overwrite the host runc binary and gain root access on the host.
What is the severity rating of this vulnerability?
The severity rating of this vulnerability is critical with a CVSS score of 8.6.
Are there any references related to this vulnerability?
Yes, you can find more information about this vulnerability in the following references: [Reference 1](https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1520029&action=diff), [Reference 2](https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1520029&action=edit), [Reference 3](https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1520030&action=diff).
- agent/type
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-5736
- agent/weakness
- agent/remedy
- agent/severity
- agent/first-publish-date
- agent/author
- collector/launchpad-cve
- source/Launchpad
- collector/mitre-cve
- source/MITRE
- agent/references
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/last-modified-date
- agent/event
- agent/trending
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/source
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-cve
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- package-manager/debian
- vendor/docker
- canonical/python docker
- vendor/linuxfoundation
- canonical/runc
- version/runc/0.1.1
- version/runc/1.0.0-rc1
- version/runc/1.0.0-rc2
- version/runc/1.0.0-rc3
- version/runc/1.0.0-rc4
- version/runc/1.0.0-rc5
- version/runc/1.0.0-rc6
- vendor/redhat
- canonical/red hat container development kit
- version/red hat container development kit/3.7
- canonical/red hat openshift
- version/red hat openshift/3.4
- version/red hat openshift/3.5
- version/red hat openshift/3.6
- version/red hat openshift/3.7
- canonical/red hat enterprise linux
- version/red hat enterprise linux/8.0
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/7.0
- vendor/google
- canonical/google kubernetes engine
- vendor/linuxcontainers
- canonical/linux containers (lxc)
- vendor/hp
- canonical/hp onesphere
- vendor/netapp
- canonical/netapp solidfire & hci management node
- canonical/netapp solidfire & hci storage node
- vendor/apache
- canonical/apache mesos
- version/apache mesos/1.4.0
- version/apache mesos/1.5.0
- version/apache mesos/1.6.0
- version/apache mesos/1.7.0
- vendor/opensuse
- canonical/opensuse backports
- version/opensuse backports/15.0
- version/opensuse backports/15.0-sp1
- canonical/suse linux
- version/suse linux/15.0
- version/suse linux/15.1
- version/suse linux/42.3
- vendor/d2iq
- canonical/d2iq kubernetes engine
- canonical/d2iq dc/os
- version/d2iq dc/os/1.10.11
- version/d2iq dc/os/1.11.10
- vendor/fedoraproject
- canonical/red hat fedora
- version/red hat fedora/29
- version/red hat fedora/30
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/16.04
- version/ubuntu/18.04
- version/ubuntu/18.10
- version/ubuntu/19.04
- vendor/microfocus
- canonical/micro focus service management automation
- version/micro focus service management automation/2018.02
- version/micro focus service management automation/2018.05
- version/micro focus service management automation/2018.08
- version/micro focus service management automation/2018.11