GHSA-XR7R-F8XQ-VFVV runc vulnerable to container breakout through process.cwd trickery and leaked fds

Impact In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process from runc exec to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem "attack 2". Th...

Container Breakout (Leaky Vessels)

Overview github.com/opencontainers/runc/libcontainer is a package for a modern container runtime. Affected versions of this package are vulnerable to Container Breakout Leaky Vessels. Due to certain leaked file descriptors, an attacker could cause a newly-spawned container process from runc exec ...

Container Breakout (Leaky Vessels)

Overview Affected versions of this package are vulnerable to Container Breakout Leaky Vessels. Due to certain leaked file descriptors, an attacker could cause a newly-spawned container process from runc exec to have a working directory in the host filesystem namespace, allowing for a container...

SUSE CVE-2016-9962

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or...

Low: Red Hat Security Advisory: container-tools:rhel8 security, bug fix, and enhancement update

An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2022-2253)

According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where attempti...

DEBIAN-CVE-2016-9962

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or...

UBUNTU-CVE-2016-9962

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or...

Design/Logic Flaw

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or...

CVE-2016-9962

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or...

RunC Exec Vulnerability | Cloud Foundry

Medium Vendor Open Containers Initiative Description RunC allowed additional container processes via runc exec to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the...

runC: Privilege escalation

Background RunC is a CLI tool for spawning and running containers according to the OCI specification. Description A vulnerability was discovered in runC that allows additional container processes via ‘runc exec’ to be ptraced by the pid 1 of the container. This allows the main processes of the...