3 matches found
runc through 1.0-rc6 as used in Docker before 18.09.2 and other products allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image or (2) an existing container to which the attacker previously had write access that can be attached with docker exec. This occurs because of file-descriptor mishandling related to /proc/self/exe.
...
UBUNTU-CVE-2019-5736
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary and consequently obtain host root access by leveraging the ability to execute a command as root within one of these types of containers: 1 a new container with an...
DEBIAN-CVE-2009-1894
Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LDBINDNOW to 1, and then calling execv on the target of the /proc/self/exe symlink...