Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2019-5736HistoryFeb 11, 2019 - 7:29 p.m.
CVE-2019-5736
2019-02-1119:29:00
Debian Security Bug Tracker
security-tracker.debian.org
19
8.6 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.004 Low
EPSS
Percentile
74.6%
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | lxc | < 1:3.1.0+really3.0.3-4 | lxc_1:3.1.0+really3.0.3-4_all.deb |
| Debian | 11 | all | lxc | < 1:3.1.0+really3.0.3-4 | lxc_1:3.1.0+really3.0.3-4_all.deb |
| Debian | 10 | all | lxc | < 1:3.1.0+really3.0.3-4 | lxc_1:3.1.0+really3.0.3-4_all.deb |
| Debian | 999 | all | lxc | < 1:3.1.0+really3.0.3-4 | lxc_1:3.1.0+really3.0.3-4_all.deb |
| Debian | 13 | all | lxc | < 1:3.1.0+really3.0.3-4 | lxc_1:3.1.0+really3.0.3-4_all.deb |
| Debian | 12 | all | runc | < 1.0.0~rc6+dfsg1-2 | runc_1.0.0~rc6+dfsg1-2_all.deb |
| Debian | 11 | all | runc | < 1.0.0~rc6+dfsg1-2 | runc_1.0.0~rc6+dfsg1-2_all.deb |
| Debian | 10 | all | runc | < 1.0.0~rc6+dfsg1-2 | runc_1.0.0~rc6+dfsg1-2_all.deb |
| Debian | 999 | all | runc | < 1.0.0~rc6+dfsg1-2 | runc_1.0.0~rc6+dfsg1-2_all.deb |
| Debian | 13 | all | runc | < 1.0.0~rc6+dfsg1-2 | runc_1.0.0~rc6+dfsg1-2_all.deb |
Related
oraclelinux
oraclelinux
runc bug fix update
2021-04-28 00:00:00
container-tools:rhel8 security and bug fix update
2019-07-30 00:00:00
docker-engine security update
2019-02-19 00:00:00
nessus
nessus
Fedora 28 : moby-engine (2019-829524f28f)
2019-02-19 00:00:00
Fedora 28 : 2:runc (2019-963ea958f9)
2019-02-21 00:00:00
EulerOS 2.0 SP5 : docker-engine (EulerOS-SA-2019-1074)
2019-03-08 00:00:00
suse
suse
Security update for lxc (moderate)
2019-10-03 00:00:00
Security update for docker-runc (important)
2019-02-27 00:00:00
Security update for lxc (moderate)
2019-10-07 00:00:00
ibm
ibm
impervablog
impervablog
Hundreds of Vulnerable Docker Hosts Exploited by Cryptocurrency Miners
2019-03-04 21:00:39
osv
osv
Important: container-tools:rhel8 security and bug fix update
2019-05-07 03:39:11
CVE-2019-5736
2019-02-11 19:29:00
Important: container-tools:rhel8 security and bug fix update
2019-05-07 03:39:11
fedora
fedora
[SECURITY] Fedora 29 Update: python3-lxc-3.0.4-1.fc29
2019-09-06 12:59:40
[SECURITY] Fedora 30 Update: lxcfs-3.0.4-1.fc30
2019-09-06 12:35:28
[SECURITY] Fedora 29 Update: moby-engine-18.06.0-2.ce.git0ffa825.fc29
2019-02-19 14:04:24
githubexploit
githubexploit
Exploit for OS Command Injection in Docker
2019-06-30 13:42:14
Exploit for OS Command Injection in Docker
2019-12-12 16:57:13
Exploit for OS Command Injection in Docker
2021-07-08 22:46:30
hackerone
hackerone
Internet Bug Bounty: CVE-2019-5736: Escape from Docker and Kubernetes containers to root on host
2019-02-13 18:50:11
50m-ctf: CTF write-up: c8889970d9fb722066f31e804e351993
2019-03-03 10:08:22
50m-ctf: $50 million CTF Writeup
2019-03-25 02:28:13
zdt
zdt
runc < 1.0-rc6 (Docker < 18.09.2) - Container Breakout (2)
2019-02-15 00:00:00
runC < 1.0-rc6 (Docker < 18.09.2) - Host Command Execution Exploit
2019-02-12 00:00:00
Docker Container Escape Exploit
2021-07-01 00:00:00
cve
cve
openvas
openvas
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2019-1074)
2020-01-23 00:00:00
Fedora Update for runc FEDORA-2019-6174b47003
2019-05-07 00:00:00
Fedora Update for runc FEDORA-2019-963ea958f9
2019-02-21 00:00:00
ubuntucve
ubuntucve
redhat
redhat
(RHSA-2019:0304) Important: docker security update
2019-02-11 14:26:20
(RHSA-2019:0303) Important: runc security update
2019-02-11 14:24:53
photon
photon
threatpost
threatpost
Public Clouds & Shared Responsibility: Lessons from Vulnerability Disclosure
2021-10-26 21:22:26
Major Container Security Flaw Threatens Cascading Attacks
2019-02-12 18:28:41
Rethinking Cyber-Defense Strategies in the Public-Cloud Age
2022-04-19 17:29:49
vmware
vmware
exploitpack
exploitpack
runc 1.0-rc6 (Docker 18.09.2) - Container Breakout (2)
2019-02-13 00:00:00
f5
f5
K46421255 : Docker privilege elevation vulnerability CVE-2019-5736
2019-03-01 00:00:00
amazon
amazon
Important: docker
2019-02-08 22:28:00
virtuozzo
virtuozzo
mageia
mageia
Updated opencontainers-runc packages fix security vulnerability
2019-02-13 14:08:25
Updated lxc packages fix security vulnerability
2019-02-17 03:31:02
trendmicroblog
trendmicroblog
This Week in Security News: Instagram Hackers and Enterprise Threats
2019-03-01 14:57:50
Attacking Containers and runC
2019-02-12 19:22:35
veracode
veracode
Malicious Container Execution
2019-02-12 02:31:29
Remote Code Execution
2020-06-24 03:08:12
redhatcve
redhatcve
CVE-2019-5736
2020-01-11 09:33:43
CVE-2020-14298
2020-06-23 19:26:46
qualysblog
qualysblog
RunC Container Breakout Vulnerability
2019-02-12 15:46:10
thn
thn
Microsoft Warns of Cross-Account Takeover Bug in Azure Container Instances
2021-09-10 05:07:00
RunC Flaw Lets Attackers Escape Linux Containers to Gain Root on Hosts
2019-02-12 08:59:00
archlinux
archlinux
[ASA-201902-6] runc: privilege escalation
2019-02-11 00:00:00
[ASA-201902-20] flatpak: privilege escalation
2019-02-17 00:00:00
alpinelinux
alpinelinux
CVE-2019-5736
2019-02-11 19:29:00
prion
prion
Design/Logic Flaw
2019-02-11 19:29:00
Design/Logic Flaw
2020-07-13 21:15:00
Command injection
2019-05-31 12:29:00
altlinux
altlinux
Security fix for the ALT Linux 8 package runc version 1.0.0-alt7.git0a012df
2019-02-20 00:00:00
Security fix for the ALT Linux 10 package runc version 1.0.0-alt7.git0a012df
2019-02-13 00:00:00
kitploit
kitploit
almalinux
almalinux
Important: container-tools:rhel8 security and bug fix update
2019-05-07 03:39:11
cbl_mariner
cbl_mariner
CVE-2019-5736 affecting package moby-buildx 0.4.1-3
2021-07-08 21:56:42
checkpoint_advisories
checkpoint_advisories
runc Container Escape (CVE-2019-5736)
2019-02-14 00:00:00
cloudfoundry
cloudfoundry
CVE-2019-5736: runC container breakout | Cloud Foundry
2019-02-13 00:00:00
rocky
rocky
container-tools:rhel8 security and bug fix update
2019-05-07 03:39:11
cisco
cisco
metasploit
metasploit
Docker Container Escape Via runC Overwrite
2021-06-30 09:02:11
packetstorm
packetstorm
Docker Container Escape
2021-07-01 00:00:00
ubuntu
ubuntu
Docker vulnerabilities
2019-07-08 00:00:00
rapid7blog
rapid7blog
Metasploit Wrap-Up
2021-07-02 18:44:54
debiancve
debiancve
CVE-2020-14298
2020-07-13 21:15:00
CVE-2019-12499
2019-05-31 12:29:00
github
github
gentoo
gentoo
runC: Multiple vulnerabilities
2020-03-15 00:00:00
attackerkb
attackerkb
CVE-2019-5736
2019-02-11 00:00:00
8.6 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.004 Low
EPSS
Percentile
74.6%
Related for DEBIANCVE:CVE-2019-5736