← voltar
CVE-2019-5736

CVE-2019-5736

EPSS 98.6%
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
Produtos afetados
n/a · n/a
PoCs públicas encontradas34
githubgithub.com/Frichetten/CVE-2019-5736-PoC657githubgithub.com/q3k/cve-2019-5736-poc209githubgithub.com/twistlock/RunC-CVE-2019-573686githubgithub.com/jas502n/CVE-2019-573614githubgithub.com/agppp/cve-2019-5736-poc7githubgithub.com/epsteina16/Docker-Escape-Miner3githubgithub.com/panzouh/Docker-Runc-Exploit1githubgithub.com/b3d3c/poc-cve-2019-57361githubgithub.com/likekabin/CVE-2019-57361githubgithub.com/GiverOfGifts/CVE-2019-5736-Custom-Runtime1githubgithub.com/milloni/cve-2019-5736-exp1githubgithub.com/Billith/CVE-2019-5736-PoC0githubgithub.com/BBRathnayaka/POC-CVE-2019-57360githubgithub.com/shen54/IT191720880githubgithub.com/h3x0v3rl0rd/CVE-2019-57360githubgithub.com/fahmifj/Docker-breakout-runc0githubgithub.com/si1ent-le/CVE-2019-57360githubgithub.com/takumak/cve-2019-5736-reproducer0githubgithub.com/sonyavalo/CVE-2019-5736-Dockerattack-and-security-mechanism0githubgithub.com/Perimora/cve_2019-5736-PoC0githubgithub.com/sastraadiwiguna-purpleeliteteaming/Holistic-Deconstruction-of-CVE-2019-5736-0githubgithub.com/likekabin/cve-2019-5736-poc0githubgithub.com/yyqs2008/CVE-2019-5736-PoC-20githubgithub.com/stillan00b/CVE-2019-57360githubgithub.com/RyanNgWH/CVE-2019-5736-POC0githubgithub.com/Lee-SungYoung/cve-2019-5736-study0githubgithub.com/h-wookie/cve-2019-5736-poc0githubgithub.com/geropl/CVE-2019-57360exploitdbwww.exploit-db.com/exploits/46369não verificadocve_referencepacketstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.htmlnão verificadocve_referencewww.exploit-db.com/exploits/46359/não verificadocve_referencewww.exploit-db.com/exploits/46369/não verificadoexploitdbwww.exploit-db.com/exploits/46359não verificadocve_referencepacketstormsecurity.com/files/163339/Docker-Container-Escape.htmlnão verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.htmlhttp://packetstormsecurity.com/files/163339/Docker-Container-Escape.htmlhttp://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html