Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-5736

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.

Published

2019-02-11T19:29:00.297

Last Modified

2024-11-21T04:45:24.603

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.6 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

Type: Primary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	docker	docker	< 18.09.2	Yes
Application	linuxfoundation	runc	≤ 0.1.1	Yes
Application	linuxfoundation	runc	1.0.0	Yes
Application	linuxfoundation	runc	1.0.0	Yes
Application	linuxfoundation	runc	1.0.0	Yes
Application	linuxfoundation	runc	1.0.0	Yes
Application	linuxfoundation	runc	1.0.0	Yes
Application	linuxfoundation	runc	1.0.0	Yes
Application	redhat	container_development_kit	3.7	Yes
Application	redhat	openshift	3.4	Yes
Application	redhat	openshift	3.5	Yes
Application	redhat	openshift	3.6	Yes
Application	redhat	openshift	3.7	Yes
Operating System	redhat	enterprise_linux	8.0	Yes
Operating System	redhat	enterprise_linux_server	7.0	Yes
Application	google	kubernetes_engine	-	Yes
Application	linuxcontainers	lxc	< 3.2.0	Yes
Application	hp	onesphere	-	Yes
Application	netapp	hci_management_node	-	Yes
Application	netapp	solidfire	-	Yes
Application	apache	mesos	< 1.4.3	Yes
Application	apache	mesos	< 1.5.3	Yes
Application	apache	mesos	< 1.6.2	Yes
Application	apache	mesos	< 1.7.2	Yes
Application	opensuse	backports_sle	15.0	Yes
Application	opensuse	backports_sle	15.0	Yes
Operating System	opensuse	leap	15.0	Yes
Operating System	opensuse	leap	15.1	Yes
Operating System	opensuse	leap	42.3	Yes
Application	d2iq	kubernetes_engine	< 2.2.0-1.13.3	Yes
Operating System	d2iq	dc\/os	< 1.10.10	Yes
Operating System	d2iq	dc\/os	< 1.11.9	Yes
Operating System	d2iq	dc\/os	< 1.12.1	Yes
Operating System	fedoraproject	fedora	29	Yes
Operating System	fedoraproject	fedora	30	Yes
Operating System	canonical	ubuntu_linux	16.04	Yes
Operating System	canonical	ubuntu_linux	18.04	Yes
Operating System	canonical	ubuntu_linux	18.10	Yes
Operating System	canonical	ubuntu_linux	19.04	Yes
Application	microfocus	service_management_automation	2018.02	Yes
Application	microfocus	service_management_automation	2018.05	Yes
Application	microfocus	service_management_automation	2018.08	Yes
Application	microfocus	service_management_automation	2018.11	Yes

References

http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html Mailing List, Third Party Advisory ([email protected])
http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html Exploit, Third Party Advisory, VDB Entry ([email protected])
http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html Third Party Advisory, VDB Entry ([email protected])
http://www.openwall.com/lists/oss-security/2019/03/23/1 Mailing List, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2019/06/28/2 Mailing List, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2019/07/06/3 Mailing List, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2019/07/06/4 Mailing List, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2019/10/24/1 Mailing List, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2019/10/29/3 Mailing List, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2024/01/31/6 ([email protected])
http://www.openwall.com/lists/oss-security/2024/02/01/1 ([email protected])
http://www.openwall.com/lists/oss-security/2024/02/02/3 ([email protected])
http://www.securityfocus.com/bid/106976 Third Party Advisory, VDB Entry ([email protected])
https://access.redhat.com/errata/RHSA-2019:0303 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2019:0304 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2019:0401 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2019:0408 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2019:0975 Third Party Advisory ([email protected])
https://access.redhat.com/security/cve/cve-2019-5736 Third Party Advisory ([email protected])
https://access.redhat.com/security/vulnerabilities/runcescape Third Party Advisory ([email protected])
https://aws.amazon.com/security/security-bulletins/AWS-2019-002/ Third Party Advisory ([email protected])
https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/ Patch, Third Party Advisory, Vendor Advisory ([email protected])
https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/ Patch, Third Party Advisory, Vendor Advisory ([email protected])
https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html Exploit, Mitigation, Third Party Advisory ([email protected])
https://brauner.github.io/2019/02/12/privileged-containers.html Exploit, Technical Description, Third Party Advisory ([email protected])
https://bugzilla.suse.com/show_bug.cgi?id=1121967 Issue Tracking, Patch, Third Party Advisory ([email protected])
https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc Third Party Advisory ([email protected])
https://github.com/Frichetten/CVE-2019-5736-PoC Exploit, Third Party Advisory ([email protected])
https://github.com/docker/docker-ce/releases/tag/v18.09.2 Release Notes, Third Party Advisory ([email protected])
https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b Patch, Third Party Advisory ([email protected])
https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d Patch, Third Party Advisory ([email protected])
https://github.com/q3k/cve-2019-5736-poc Exploit, Third Party Advisory ([email protected])
https://github.com/rancher/runc-cve Third Party Advisory ([email protected])
https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/ Third Party Advisory ([email protected])
https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/ ([email protected])
https://security.gentoo.org/glsa/202003-21 Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20190307-0008/ Third Party Advisory ([email protected])
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944 Third Party Advisory ([email protected])
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us Permissions Required ([email protected])
https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003 Exploit, Patch, Third Party Advisory ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc Third Party Advisory ([email protected])
https://usn.ubuntu.com/4048-1/ Third Party Advisory ([email protected])
https://www.exploit-db.com/exploits/46359/ Exploit, Third Party Advisory, VDB Entry ([email protected])
https://www.exploit-db.com/exploits/46369/ Exploit, Third Party Advisory, VDB Entry ([email protected])
https://www.openwall.com/lists/oss-security/2019/02/11/2 Mailing List, Patch, Third Party Advisory ([email protected])
https://www.synology.com/security/advisory/Synology_SA_19_06 Third Party Advisory ([email protected])
https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/ Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2019/03/23/1 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2019/06/28/2 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2019/07/06/3 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2019/07/06/4 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2019/10/24/1 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2019/10/29/3 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2024/01/31/6 (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2024/02/01/1 (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2024/02/02/3 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/106976 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:0303 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:0304 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:0401 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:0408 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:0975 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/security/cve/cve-2019-5736 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/security/vulnerabilities/runcescape Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://aws.amazon.com/security/security-bulletins/AWS-2019-002/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/ Patch, Third Party Advisory, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/ Patch, Third Party Advisory, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html Exploit, Mitigation, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://brauner.github.io/2019/02/12/privileged-containers.html Exploit, Technical Description, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.suse.com/show_bug.cgi?id=1121967 Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/Frichetten/CVE-2019-5736-PoC Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/docker/docker-ce/releases/tag/v18.09.2 Release Notes, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/q3k/cve-2019-5736-poc Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/rancher/runc-cve Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202003-21 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20190307-0008/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003 Exploit, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4048-1/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/46359/ Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/46369/ Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://www.openwall.com/lists/oss-security/2019/02/11/2 Mailing List, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.synology.com/security/advisory/Synology_SA_19_06 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)