4 matches found
Metasploit Wrap-Up
Containers that fail to Contain Our own Christophe De La Fuente added a module for CVE-2019-5736 based on the work of Adam Iwaniuk that breaks out of a Docker container by overwriting the runc binary of an image which is run in the user context whenever someone outside the container runs docker...
Exploit for OS Command Injection in Docker
CVE-2019-5736 is a vulnerability in the runc container runtime that allows for container escape. The exploit works by overwriting the runc binary with a malicious version, which is then executed when a container is run. The vulnerability is present in the runc binary, which is responsible for...
runc: Execution of malicious containers allows for container escape and access to host filesystem
A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system...
Security update for docker-runc (important)
openSUSE Security Update: Security update for docker-runc Announcement ID: openSUSE-SU-2019:0201-1 Rating: important References: 1121967 Cross-References: CVE-2019-5736 Affected Products: openSUSE Leap 42.3 An update that fixes one vulnerability is now available. Description: This update for...