CVE-2019-5736

windowsblogita

FallediSicurezzaRunC:VulnerabilitàRivelateeRisolte

話題になった(?)CVE-2019-5736はコンテナ内からホスト側のrunCそのものを書き換える脆弱性で、strings /proc/${PID}/cmdlineなどでrunCの文字列が含まれてるものを探して任意のバイトコードに書き換えてやった後、docker execなどでrunCを動かしてやると悪意のあるコードが実行できてしまうぽい

NEW: CVE-2019-5736 runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the abi... (click for more) Severity: HIGH https://t.co/DyZ6njhlxA?amp=1

2年前だが古い Docker 使っていると Docker コンテナ内部からホストの root 奪取ができる。実際に試すと簡単にできてしまう。 / CVE-2019-5736-PoC https://t.co/zQLshjMmZJ?amp=1

Having trouble with CVE-2019-5736 - Docker runc Breakout exploit. Everything is running as expected except the root reverse shell payload popping. Any help would be appreciated.

Docker Container Escape: This Metasploit module leverages a flaw in runc to escape a Docker container and get command execution on the host as root. This vulnerability is identified as CVE-2019-5736. It overwrites the runc binary with the payload and… https://t.co/1lhoVkE5Jb?amp=1

Dragon Sector: CVE-2019-5736: Escape from Docker and Kubernetes containers to root on host https://t.co/nszf4RIPdj?amp=1

Docker Container Escape: This Metasploit module leverages a flaw in runc to escape a Docker container and get command execution on the host as root. This vulnerability is identified as CVE-2019-5736. It overwrites the runc binary with the payload and… https://t.co/nSL1R0cCRS?amp=1

Shadowserver

551 accessible Docker services on port 2375/TCP (non-SSL) worldwide in new IPv4 daily scan, an unnecessarily exposed attack surface. 290 likely vulnerable to CVE-2019-5736, which allows for host root access. Most in China & USA. Block access & update now! https://t.co/uv2hb3oxwP