CVE-2016-9962

Description

RunC allowed additional container processes started via runc exec to be ptraced by PID 1 of the container. This allows the main processes of the container, if running as root, to gain access to file descriptors of these new processes during initialization, which can lead to container escapes or modification of runC state before the process is fully placed inside the container.

Risk Information

Base Score: 6.4 (MODERATE)
Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Score
Exploitation Probability: 0.127

Associated Vulnerability

Vulnerability | OS Platform
Update docker 1.12.5 to latest version | Windows
(RHSA-2017:0116) Moderate: docker security, bug fix, and enhancement update container-selinux-1.12.5-14.el7.x86_64.rpm | Linux
(RHSA-2017:0116) Moderate: docker security, bug fix, and enhancement update docker-1.12.5-14.el7.x86_64.rpm | Linux
(RHSA-2017:0116) Moderate: docker security, bug fix, and enhancement update docker-client-1.12.5-14.el7.x86_64.rpm | Linux
(RHSA-2017:0116) Moderate: docker security, bug fix, and enhancement update docker-common-1.12.5-14.el7.x86_64.rpm | Linux
(RHSA-2017:0116) Moderate: docker security, bug fix, and enhancement update docker-logrotate-1.12.5-14.el7.x86_64.rpm | Linux
(RHSA-2017:0116) Moderate: docker security, bug fix, and enhancement update docker-lvm-plugin-1.12.5-14.el7.x86_64.rpm | Linux
(RHSA-2017:0116) Moderate: docker security, bug fix, and enhancement update docker-novolume-plugin-1.12.5-14.el7.x86_64.rpm | Linux
(RHSA-2017:0116) Moderate: docker security, bug fix, and enhancement update docker-rhel-push-plugin-1.12.5-14.el7.x86_64.rpm | Linux
(RHSA-2017:0116) Moderate: docker security, bug fix, and enhancement update docker-v1.10-migrator-1.12.5-14.el7.x86_64.rpm | Linux
(RHSA-2017:0123) Moderate: docker-latest security, bug fix, and enhancement update docker-client-latest-1.12.5-14.el7.x86_64.rpm | Linux
(RHSA-2017:0123) Moderate: docker-latest security, bug fix, and enhancement update docker-latest-1.12.5-14.el7.x86_64.rpm | Linux
(RHSA-2017:0123) Moderate: docker-latest security, bug fix, and enhancement update docker-latest-logrotate-1.12.5-14.el7.x86_64.rpm | Linux
(RHSA-2017:0123) Moderate: docker-latest security, bug fix, and enhancement update docker-latest-v1.10-migrator-1.12.5-14.el7.x86_64.rpm | Linux
(RHSA-2017:0127) Moderate: runc security and bug fix update runc-1.0.0-1.rc2.el7.x86_64.rpm | Linux
Docker-engine update (ELSA-2017-3511) docker-engine-1.12.6-1.0.1.el6.x86_64.rpm | Linux
Docker-engine-selinux update (ELSA-2017-3511) docker-engine-selinux-1.12.6-1.0.1.el7.noarch.rpm | Linux
Buildah update (ELSA-2021-0705) buildah-1.5-8.gite94b4f9.0.1.module+el8.3.0+9668+293abd4d.x86_64.rpm | Linux
Container-selinux update (ELSA-2021-0705) container-selinux-2.124.0-1.gitf958d0c.module+el8.3.0+9668+293abd4d.noarch.rpm | Linux
Containernetworking-plugins update (ELSA-2021-0705) containernetworking-plugins-0.7.4-4.git9ebe139.module+el8.3.0+9668+293abd4d.x86_64.rpm | Linux
Containers-common update (ELSA-2021-0705) containers-common-0.1.32-6.git1715c90.0.1.module+el8.3.0+9668+293abd4d.x86_64.rpm | Linux
Crit update (ELSA-2021-0705) crit-3.12-9.module+el8.3.0+9668+293abd4d.x86_64.rpm | Linux
Criu update (ELSA-2021-0705) criu-3.12-9.module+el8.3.0+9668+293abd4d.x86_64.rpm | Linux
Fuse-overlayfs update (ELSA-2021-0705) fuse-overlayfs-0.3-5.module+el8.3.0+9668+293abd4d.x86_64.rpm | Linux
Oci-systemd-hook update (ELSA-2021-0705) oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8.3.0+9668+293abd4d.x86_64.rpm | Linux
Oci-umount update (ELSA-2021-0705) oci-umount-2.3.4-2.git87f9237.module+el8.3.0+9668+293abd4d.x86_64.rpm | Linux
Podman update (ELSA-2021-0705) podman-1.0.0-8.git921f98f.module+el8.3.0+9668+293abd4d.x86_64.rpm | Linux
Podman-docker update (ELSA-2021-0705) podman-docker-1.0.0-8.git921f98f.module+el8.3.0+9668+293abd4d.noarch.rpm | Linux
Python3-criu update (ELSA-2021-0705) python3-criu-3.12-9.module+el8.3.0+9668+293abd4d.x86_64.rpm | Linux
Runc update (ELSA-2021-0705) runc-1.0.0-56.rc5.dev.git2abd837.module+el8.3.0+9668+293abd4d.x86_64.rpm | Linux
Skopeo update (ELSA-2021-0705) skopeo-0.1.32-6.git1715c90.0.1.module+el8.3.0+9668+293abd4d.x86_64.rpm | Linux
Slirp4netns update (ELSA-2021-0705) slirp4netns-0.1-5.dev.gitc4e1bc5.module+el8.3.0+9668+293abd4d.x86_64.rpm | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234