Vulnerability Details : CVE-2016-9962
RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container.
Products affected by CVE-2016-9962
- cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*
Threat overview for CVE-2016-9962
Top countries where our scanners detected CVE-2016-9962
Top open port discovered on systems with this issue
2375
IPs affected by CVE-2016-9962 17
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2016-9962!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2016-9962
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 27 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-9962
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.4
|
MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P |
3.4
|
6.4
|
NIST | |
6.4
|
MEDIUM | CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
0.5
|
5.9
|
NIST |
CWE ids for CVE-2016-9962
-
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-9962
-
https://access.redhat.com/security/vulnerabilities/cve-2016-9962
On-entry container attack - CVE-2016-9962 - Red Hat Customer PortalThird Party Advisory
-
http://www.securityfocus.com/archive/1/540001/100/0/threaded
SecurityFocus
-
http://seclists.org/fulldisclosure/2017/Jan/21
Full Disclosure: Docker 1.12.6 - Security AdvisoryMailing List;Third Party Advisory
-
http://seclists.org/fulldisclosure/2017/Jan/29
Full Disclosure: Re: [oss-security] Docker 1.12.6 - Security AdvisoryMailing List;Third Party Advisory
-
https://github.com/docker/docker/releases/tag/v1.12.6
Release v1.12.6 · moby/moby · GitHubVendor Advisory
-
http://rhn.redhat.com/errata/RHSA-2017-0116.html
RHSA-2017:0116 - Security Advisory - Red Hat Customer Portal
-
https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5
Set init processes as non-dumpable · opencontainers/runc@50a19c6 · GitHubPatch;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WUQ3MQNEL5IBZZLMLR72Q4YDCL2SCKRK/
[SECURITY] Fedora 25 Update: docker-latest-1.12.6-2.git51ef5a8.fc25 - package-announce - Fedora Mailing-ListsThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2017-0127.html
RHSA-2017:0127 - Security Advisory - Red Hat Customer Portal
-
http://www.securityfocus.com/bid/95361
Docker CVE-2016-9962 Local Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
-
https://security.gentoo.org/glsa/201701-34
runC: Privilege escalation (GLSA 201701-34) — Gentoo securityThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FINGBFMIXBG6B6ZWYH3TMRP5V3PDBNXR/
[SECURITY] Fedora 24 Update: docker-latest-1.12.6-1.git51ef5a8.fc24 - package-announce - Fedora Mailing-ListsThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2017-0123.html
RHSA-2017:0123 - Security Advisory - Red Hat Customer Portal
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVM7FCOQMPKOFLDTUYSS4ES76DDM56VP/
Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQAXJMMLRU7DD2IMG47SR2K4BOFFG7FZ/
Third Party Advisory
-
https://bugzilla.suse.com/show_bug.cgi?id=1012568#c6
Bug 1012568 – VUL-0: CVE-2016-9962: runc: container escape vulnerabilityIssue Tracking
Jump to