Lucene search
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2019-1079.NASLHistoryApr 01, 2019 - 12:00 a.m.
openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-1079)
2019-04-0100:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.6 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
9.3 High
AI Score
Confidence
High
0.331 Low
EPSS
Percentile
97.1%
This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues :
Security issues fixed :
-
CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899).
-
CVE-2018-16874: Fixed a vulnerabity in go get command which could allow directory traversal in GOPATH mode (bsc#1118898).
-
CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897).
-
CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967).
Other changes and bug fixes :
-
Update shell completion to use Group: System/Shells.
-
Add daemon.json file with rotation logs configuration (bsc#1114832)
-
Update to Docker 18.09.1-ce (bsc#1124308) and to to runc 96ec2177ae84. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md.
-
Disable leap based builds for kubic flavor (bsc#1121412).
-
Allow users to explicitly specify the NIS domain name of a container (bsc#1001161).
-
Update docker.service to match upstream and avoid rlimit problems (bsc#1112980).
-
Update go requirements to >= go1.10
-
Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429).
-
Remove the usage of ‘cp -r’ to reduce noise in the build logs.
This update was imported from the SUSE:SLE-12:Update update project.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2019-1079.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(123542);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/06");
script_cve_id(
"CVE-2018-16873",
"CVE-2018-16874",
"CVE-2018-16875",
"CVE-2019-5736"
);
script_name(english:"openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-1079)");
script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing a security update.");
script_set_attribute(attribute:"description", value:
"This update for containerd, docker, docker-runc,
golang-github-docker-libnetwork, runc fixes the following issues :
Security issues fixed :
- CVE-2018-16875: Fixed a CPU Denial of Service
(bsc#1118899).
- CVE-2018-16874: Fixed a vulnerabity in go get command
which could allow directory traversal in GOPATH mode
(bsc#1118898).
- CVE-2018-16873: Fixed a vulnerability in go get command
which could allow remote code execution when executed
with -u in GOPATH mode (bsc#1118897).
- CVE-2019-5736: Effectively copying /proc/self/exe during
re-exec to avoid write attacks to the host runc binary,
which could lead to a container breakout (bsc#1121967).
Other changes and bug fixes :
- Update shell completion to use Group: System/Shells.
- Add daemon.json file with rotation logs configuration
(bsc#1114832)
- Update to Docker 18.09.1-ce (bsc#1124308) and to to runc
96ec2177ae84. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md.
- Disable leap based builds for kubic flavor
(bsc#1121412).
- Allow users to explicitly specify the NIS domain name of
a container (bsc#1001161).
- Update docker.service to match upstream and avoid rlimit
problems (bsc#1112980).
- Update go requirements to >= go1.10
- Use -buildmode=pie for tests and binary build
(bsc#1048046 and bsc#1051429).
- Remove the usage of 'cp -r' to reduce noise in the build
logs.
This update was imported from the SUSE:SLE-12:Update update project.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1001161");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1048046");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1051429");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112980");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114832");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118897");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118898");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118899");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1121412");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1121967");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1124308");
script_set_attribute(attribute:"solution", value:
"Update the affected containerd / docker / docker-runc / etc packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-5736");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Docker Container Escape Via runC Overwrite');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/14");
script_set_attribute(attribute:"patch_publication_date", value:"2019/03/29");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/01");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:containerd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:containerd-ctr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:containerd-kubic");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:containerd-kubic-ctr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:containerd-kubic-test");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:containerd-test");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-bash-completion");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-kubic");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-kubic-bash-completion");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-kubic-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-kubic-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-kubic-kubeadm-criconfig");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-kubic-test");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-kubic-test-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-kubic-zsh-completion");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-libnetwork");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-libnetwork-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-libnetwork-kubic");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-libnetwork-kubic-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc-kubic");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc-kubic-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc-kubic-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc-kubic-test");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc-test");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-test");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-test-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-zsh-completion");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:golang-github-docker-libnetwork");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:golang-github-docker-libnetwork-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:golang-github-docker-libnetwork-kubic");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:golang-github-docker-libnetwork-kubic-debugsource");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE42.3", reference:"containerd-1.2.2-22.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"containerd-ctr-1.2.2-22.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"containerd-kubic-1.2.2-22.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"containerd-kubic-ctr-1.2.2-22.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"containerd-kubic-test-1.2.2-22.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"containerd-test-1.2.2-22.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"docker-bash-completion-18.09.1_ce-54.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"docker-kubic-bash-completion-18.09.1_ce-54.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"docker-kubic-zsh-completion-18.09.1_ce-54.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-11.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"docker-libnetwork-debuginfo-0.7.0.1+gitr2711_2cfbf9b1f981-11.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-11.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"docker-libnetwork-kubic-debuginfo-0.7.0.1+gitr2711_2cfbf9b1f981-11.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-11.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"docker-runc-debuginfo-1.0.0rc6+gitr3748_96ec2177ae84-11.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"docker-runc-debugsource-1.0.0rc6+gitr3748_96ec2177ae84-11.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"docker-runc-kubic-1.0.0rc6+gitr3748_96ec2177ae84-11.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"docker-runc-kubic-debuginfo-1.0.0rc6+gitr3748_96ec2177ae84-11.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"docker-runc-kubic-debugsource-1.0.0rc6+gitr3748_96ec2177ae84-11.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"docker-runc-kubic-test-1.0.0rc6+gitr3748_96ec2177ae84-11.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-11.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"docker-zsh-completion-18.09.1_ce-54.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-11.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"golang-github-docker-libnetwork-debugsource-0.7.0.1+gitr2711_2cfbf9b1f981-11.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-11.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"golang-github-docker-libnetwork-kubic-debugsource-0.7.0.1+gitr2711_2cfbf9b1f981-11.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"docker-18.09.1_ce-54.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"docker-debuginfo-18.09.1_ce-54.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"docker-debugsource-18.09.1_ce-54.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"docker-kubic-18.09.1_ce-54.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"docker-kubic-debuginfo-18.09.1_ce-54.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"docker-kubic-debugsource-18.09.1_ce-54.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"docker-kubic-kubeadm-criconfig-18.09.1_ce-54.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"docker-kubic-test-18.09.1_ce-54.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"docker-kubic-test-debuginfo-18.09.1_ce-54.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"docker-test-18.09.1_ce-54.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"docker-test-debuginfo-18.09.1_ce-54.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "containerd / containerd-ctr / containerd-test / containerd-kubic / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | containerd-kubic-ctr | p-cpe:/a:novell:opensuse:containerd-kubic-ctr |
| novell | opensuse | golang-github-docker-libnetwork-kubic | p-cpe:/a:novell:opensuse:golang-github-docker-libnetwork-kubic |
| novell | opensuse | golang-github-docker-libnetwork | p-cpe:/a:novell:opensuse:golang-github-docker-libnetwork |
| novell | opensuse | docker-runc-kubic-debugsource | p-cpe:/a:novell:opensuse:docker-runc-kubic-debugsource |
| novell | opensuse | docker-kubic-test-debuginfo | p-cpe:/a:novell:opensuse:docker-kubic-test-debuginfo |
| novell | opensuse | docker-test | p-cpe:/a:novell:opensuse:docker-test |
| novell | opensuse | docker-libnetwork | p-cpe:/a:novell:opensuse:docker-libnetwork |
| novell | opensuse | docker | p-cpe:/a:novell:opensuse:docker |
| novell | opensuse | containerd | p-cpe:/a:novell:opensuse:containerd |
| novell | opensuse | docker-kubic | p-cpe:/a:novell:opensuse:docker-kubic |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16873
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16874
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16875
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736
bugzilla.opensuse.org/show_bug.cgi?id=1001161
bugzilla.opensuse.org/show_bug.cgi?id=1048046
bugzilla.opensuse.org/show_bug.cgi?id=1051429
bugzilla.opensuse.org/show_bug.cgi?id=1112980
bugzilla.opensuse.org/show_bug.cgi?id=1114832
bugzilla.opensuse.org/show_bug.cgi?id=1118897
bugzilla.opensuse.org/show_bug.cgi?id=1118898
bugzilla.opensuse.org/show_bug.cgi?id=1118899
bugzilla.opensuse.org/show_bug.cgi?id=1121412
bugzilla.opensuse.org/show_bug.cgi?id=1121967
bugzilla.opensuse.org/show_bug.cgi?id=1124308
Related
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2019:0495-1)
2021-06-09 00:00:00
openSUSE: Security Advisory for runc (openSUSE-SU-2019:0208-1)
2019-02-20 00:00:00
openSUSE: Security Advisory for containerd (openSUSE-SU-2019:0295-1)
2019-03-07 00:00:00
nessus
nessus
suse
suse
Security update for runc (important)
2019-02-19 00:00:00
Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc (important)
2019-03-06 00:00:00
Security update for runc (important)
2019-02-13 00:00:00
gentoo
gentoo
Go: Multiple vulnerabilities
2018-12-21 00:00:00
mageia
mageia
Updated docker packages fix security vulnerability
2019-05-19 14:27:30
Updated golang packages fix security vulnerability
2019-02-13 14:08:25
Updated lxc packages fix security vulnerability
2019-02-17 03:31:02
archlinux
archlinux
[ASA-201812-11] go: multiple issues
2018-12-18 00:00:00
[ASA-201812-12] go-pie: multiple issues
2018-12-18 00:00:00
[ASA-201902-20] flatpak: privilege escalation
2019-02-17 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: golang-1.10.7-1.fc28
2019-01-11 03:00:42
[SECURITY] Fedora 29 Update: golang-1.11.4-1.fc29
2019-01-11 04:35:42
[SECURITY] Fedora 28 Update: golang-1.10.8-1.fc28
2019-02-20 02:37:34
arista
arista
Security Advisory 0039
2019-01-16 00:00:00
amazon
amazon
Important: golang
2018-12-14 18:50:00
Important: docker
2019-02-08 22:28:00
ibm
ibm
osv
osv
CVE-2018-16875
2018-12-14 14:29:00
CVE-2018-16873
2018-12-14 14:29:00
Remote command execution via "go get" with "-u" flag in cmd/go
2022-08-04 21:30:35
debiancve
debiancve
cve
cve
redhatcve
redhatcve
nvd
nvd
ubuntucve
ubuntucve
prion
prion
Design/Logic Flaw
2018-12-14 14:29:00
Directory traversal
2018-12-14 14:29:00
Code injection
2018-12-14 14:29:00
cvelist
cvelist
veracode
veracode
Remote Code Execution (RCE)
2021-03-14 00:10:58
Directory Traversal
2021-03-14 00:10:59
Remote Code Execution (RCE)
2018-12-17 09:16:57
vmware
vmware
zdt
zdt
runC < 1.0-rc6 (Docker < 18.09.2) - Host Command Execution Exploit
2019-02-12 00:00:00
runc < 1.0-rc6 (Docker < 18.09.2) - Container Breakout (2)
2019-02-15 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2019-0001
2019-02-12 00:00:00
exploitpack
exploitpack
runc 1.0-rc6 (Docker 18.09.2) - Container Breakout (2)
2019-02-13 00:00:00
threatpost
threatpost
Public Clouds & Shared Responsibility: Lessons from Vulnerability Disclosure
2021-10-26 21:22:26
Rethinking Cyber-Defense Strategies in the Public-Cloud Age
2022-04-19 17:29:49
Major Container Security Flaw Threatens Cascading Attacks
2019-02-12 18:28:41
virtuozzo
virtuozzo
f5
f5
K46421255 : Docker privilege elevation vulnerability CVE-2019-5736
2019-03-01 00:00:00
githubexploit
githubexploit
Exploit for OS Command Injection in Docker
2019-12-12 16:57:13
Exploit for OS Command Injection in Docker
2021-07-08 22:46:30
Exploit for OS Command Injection in Docker
2019-06-30 13:42:14
redhat
redhat
(RHSA-2019:0408) Important: OpenShift Container Platform 3.4, 3.5, 3.6, and 3.7 security update
2019-02-26 09:31:21
(RHSA-2019:0304) Important: docker security update
2019-02-11 14:26:20
(RHSA-2019:0303) Important: runc security update
2019-02-11 14:24:53
kitploit
kitploit
Whoc - A Container Image That Extracts The Underlying Container Runtime
2021-11-24 11:30:00
altlinux
altlinux
Security fix for the ALT Linux 8 package runc version 1.0.0-alt7.git0a012df
2019-02-20 00:00:00
cbl_mariner
cbl_mariner
CVE-2019-5736 affecting package moby-buildx 0.4.1-3
2021-07-08 21:56:42
thn
thn
RunC Flaw Lets Attackers Escape Linux Containers to Gain Root on Hosts
2019-02-12 08:59:00
hackerone
hackerone
50m-ctf: $50 million CTF Writeup
2019-03-25 02:28:13
50m-ctf: CTF write-up: c8889970d9fb722066f31e804e351993
2019-03-03 10:08:22
almalinux
almalinux
Important: container-tools:rhel8 security and bug fix update
2019-05-07 03:39:11
impervablog
impervablog
Hundreds of Vulnerable Docker Hosts Exploited by Cryptocurrency Miners
2019-03-04 21:00:39
oraclelinux
oraclelinux
runc bug fix update
2021-04-28 00:00:00
alpinelinux
alpinelinux
CVE-2019-5736
2019-02-11 19:29:00
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.6 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
9.3 High
AI Score
Confidence
High
0.331 Low
EPSS
Percentile
97.1%
Related for OPENSUSE-2019-1079.NASL