CVE-2019-5736
Description
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
Risk Information
Base Score
8.6
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS Score
Exploitation Probability
59.178
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2019:0975) container-tools:rhel8 security and bug fix update buildah-1.5-3.gite94b4f9.module+el8.0.0+2958+4e823551.x86_64.rpm | Linux |
| (RHSA-2019:0975) container-tools:rhel8 security and bug fix update buildah-debugsource-1.5-3.gite94b4f9.module+el8.0.0+2958+4e823551.x86_64.rpm | Linux |
| (RHSA-2019:0975) container-tools:rhel8 security and bug fix update container-selinux-2.94-1.git1e99f1d.module+el8.0.0+2958+4e823551.noarch.rpm | Linux |
| (RHSA-2019:0975) container-tools:rhel8 security and bug fix update containernetworking-plugins-0.7.4-3.git9ebe139.module+el8.0.0+2958+4e823551.x86_64.rpm | Linux |
| (RHSA-2019:0975) container-tools:rhel8 security and bug fix update containernetworking-plugins-debugsource-0.7.4-3.git9ebe139.module+el8.0.0+2958+4e823551.x86_64.rpm | Linux |
| (RHSA-2019:0975) container-tools:rhel8 security and bug fix update containers-common-0.1.32-3.git1715c90.module+el8.0.0+2958+4e823551.x86_64.rpm | Linux |
| (RHSA-2019:0975) container-tools:rhel8 security and bug fix update fuse-overlayfs-0.3-2.module+el8.0.0+2958+4e823551.x86_64.rpm | Linux |
| (RHSA-2019:0975) container-tools:rhel8 security and bug fix update fuse-overlayfs-debugsource-0.3-2.module+el8.0.0+2958+4e823551.x86_64.rpm | Linux |
| (RHSA-2019:0975) container-tools:rhel8 security and bug fix update oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8.0.0+2958+4e823551.x86_64.rpm | Linux |
| (RHSA-2019:0975) container-tools:rhel8 security and bug fix update oci-systemd-hook-debugsource-0.1.15-2.git2d0b8a3.module+el8.0.0+2958+4e823551.x86_64.rpm | Linux |
| (RHSA-2019:0975) container-tools:rhel8 security and bug fix update oci-umount-2.3.4-2.git87f9237.module+el8.0.0+2958+4e823551.x86_64.rpm | Linux |
| (RHSA-2019:0975) container-tools:rhel8 security and bug fix update oci-umount-debugsource-2.3.4-2.git87f9237.module+el8.0.0+2958+4e823551.x86_64.rpm | Linux |
| (RHSA-2019:0975) container-tools:rhel8 security and bug fix update podman-1.0.0-2.git921f98f.module+el8.0.0+2958+4e823551.x86_64.rpm | Linux |
| (RHSA-2019:0975) container-tools:rhel8 security and bug fix update podman-debugsource-1.0.0-2.git921f98f.module+el8.0.0+2958+4e823551.x86_64.rpm | Linux |
| (RHSA-2019:0975) container-tools:rhel8 security and bug fix update podman-docker-1.0.0-2.git921f98f.module+el8.0.0+2958+4e823551.noarch.rpm | Linux |
| (RHSA-2019:0975) container-tools:rhel8 security and bug fix update runc-1.0.0-55.rc5.dev.git2abd837.module+el8.0.0+3049+59fd2bba.x86_64.rpm | Linux |
| (RHSA-2019:0975) container-tools:rhel8 security and bug fix update runc-debugsource-1.0.0-55.rc5.dev.git2abd837.module+el8.0.0+3049+59fd2bba.x86_64.rpm | Linux |
| (RHSA-2019:0975) container-tools:rhel8 security and bug fix update skopeo-0.1.32-3.git1715c90.module+el8.0.0+2958+4e823551.x86_64.rpm | Linux |
| (RHSA-2019:0975) container-tools:rhel8 security and bug fix update skopeo-debugsource-0.1.32-3.git1715c90.module+el8.0.0+2958+4e823551.x86_64.rpm | Linux |
| (RHSA-2019:0975) container-tools:rhel8 security and bug fix update slirp4netns-0.1-2.dev.gitc4e1bc5.module+el8.0.0+2958+4e823551.x86_64.rpm | Linux |
| (RHSA-2019:0975) container-tools:rhel8 security and bug fix update slirp4netns-debugsource-0.1-2.dev.gitc4e1bc5.module+el8.0.0+2958+4e823551.x86_64.rpm | Linux |
| Docker-cli update (ELSA-2020-5739) docker-cli-19.03.11.ol-4.el7.x86_64.rpm | Linux |
| Docker-engine update (ELSA-2020-5739) docker-engine-19.03.11.ol-4.el7.x86_64.rpm | Linux |
| (RHSA-2019:0975)Important: security and bug fix update buildah-debuginfo-1.5-3.gite94b4f9.module+el8.0.0+2958+4e823551.x86_64.rpm | Linux |
| (RHSA-2019:0975)Important: security and bug fix update containernetworking-plugins-debuginfo-0.7.4-3.git9ebe139.module+el8.0.0+2958+4e823551.x86_64.rpm | Linux |
| (RHSA-2019:0975)Important: security and bug fix update fuse-overlayfs-debuginfo-0.3-2.module+el8.0.0+2958+4e823551.x86_64.rpm | Linux |
| (RHSA-2019:0975)Important: security and bug fix update oci-systemd-hook-debuginfo-0.1.15-2.git2d0b8a3.module+el8.0.0+2958+4e823551.x86_64.rpm | Linux |
| (RHSA-2019:0975)Important: security and bug fix update oci-umount-debuginfo-2.3.4-2.git87f9237.module+el8.0.0+2958+4e823551.x86_64.rpm | Linux |
| (RHSA-2019:0975)Important: security and bug fix update podman-debuginfo-1.0.0-2.git921f98f.module+el8.0.0+2958+4e823551.x86_64.rpm | Linux |
| (RHSA-2019:0975)Important: security and bug fix update runc-debuginfo-1.0.0-55.rc5.dev.git2abd837.module+el8.0.0+3049+59fd2bba.x86_64.rpm | Linux |
| (RHSA-2019:0975)Important: security and bug fix update skopeo-debuginfo-0.1.32-3.git1715c90.module+el8.0.0+2958+4e823551.x86_64.rpm | Linux |
| (RHSA-2019:0975)Important: security and bug fix update slirp4netns-debuginfo-0.1-2.dev.gitc4e1bc5.module+el8.0.0+2958+4e823551.x86_64.rpm | Linux |
| Buildah update (ELSA-2021-0705) buildah-1.5-8.gite94b4f9.0.1.module+el8.3.0+9668+293abd4d.x86_64.rpm | Linux |
| Container-selinux update (ELSA-2021-0705) container-selinux-2.124.0-1.gitf958d0c.module+el8.3.0+9668+293abd4d.noarch.rpm | Linux |
| Containernetworking-plugins update (ELSA-2021-0705) containernetworking-plugins-0.7.4-4.git9ebe139.module+el8.3.0+9668+293abd4d.x86_64.rpm | Linux |
| Containers-common update (ELSA-2021-0705) containers-common-0.1.32-6.git1715c90.0.1.module+el8.3.0+9668+293abd4d.x86_64.rpm | Linux |
| Crit update (ELSA-2021-0705) crit-3.12-9.module+el8.3.0+9668+293abd4d.x86_64.rpm | Linux |
| Criu update (ELSA-2021-0705) criu-3.12-9.module+el8.3.0+9668+293abd4d.x86_64.rpm | Linux |
| Fuse-overlayfs update (ELSA-2021-0705) fuse-overlayfs-0.3-5.module+el8.3.0+9668+293abd4d.x86_64.rpm | Linux |
| Oci-systemd-hook update (ELSA-2021-0705) oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8.3.0+9668+293abd4d.x86_64.rpm | Linux |
| Oci-umount update (ELSA-2021-0705) oci-umount-2.3.4-2.git87f9237.module+el8.3.0+9668+293abd4d.x86_64.rpm | Linux |
| Podman update (ELSA-2021-0705) podman-1.0.0-8.git921f98f.module+el8.3.0+9668+293abd4d.x86_64.rpm | Linux |
| Podman-docker update (ELSA-2021-0705) podman-docker-1.0.0-8.git921f98f.module+el8.3.0+9668+293abd4d.noarch.rpm | Linux |
| Python3-criu update (ELSA-2021-0705) python3-criu-3.12-9.module+el8.3.0+9668+293abd4d.x86_64.rpm | Linux |
| Runc update (ELSA-2021-0705) runc-1.0.0-56.rc5.dev.git2abd837.module+el8.3.0+9668+293abd4d.x86_64.rpm | Linux |
| Skopeo update (ELSA-2021-0705) skopeo-0.1.32-6.git1715c90.0.1.module+el8.3.0+9668+293abd4d.x86_64.rpm | Linux |
| Slirp4netns update (ELSA-2021-0705) slirp4netns-0.1-5.dev.gitc4e1bc5.module+el8.3.0+9668+293abd4d.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234