CVEdetails.com the ultimate security vulnerability data source

Vulnerability Details : CVE-2019-5736

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
Publish Date : 2019-02-11 Last Update Date : 2021-12-16

- CVSS Scores & Vulnerability Types

CVSS Score 9.3
Confidentiality Impact Complete (There is total information disclosure, resulting in all system files being revealed.)
Integrity Impact Complete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.)
Availability Impact Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)
Access Complexity Medium (The access conditions are somewhat specialized. Some preconditions must be satisfied to exploit)
Authentication Not required (Authentication is not required to exploit the vulnerability.)
Gained Access None
Vulnerability Type(s) Execute Code
CWE ID 78

- Related OVAL Definitions

Title Definition Id Class Family
RHSA-2019:0975: container-tools:rhel8 security and bug fix update (Important) oval:com.redhat.rhsa:def:20190975 unix
OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.

- Products Affected By CVE-2019-5736

# | Product Type | Vendor | Product | Version | Update | Edition | Language
1 | Application | Apache | Mesos | * | * | * | *
2 | OS | Canonical | Ubuntu Linux | 16.04 | * | * | *
3 | OS | Canonical | Ubuntu Linux | 18.04 | * | * | *
4 | OS | Canonical | Ubuntu Linux | 18.10 | * | * | *
5 | OS | Canonical | Ubuntu Linux | 19.04 | * | * | *
6 | OS | D2iq | Dc/os | * | * | * | *
7 | Application | D2iq | Kubernetes Engine | * | * | * | *
8 | Application | Docker | Docker | * | * | * | *
9 | OS | Fedoraproject | Fedora | 29 | * | * | *
10 | OS | Fedoraproject | Fedora | 30 | * | * | *
11 | Application | Google | Kubernetes Engine | - | * | * | *
12 | Application | HP | Onesphere | - | * | * | *
13 | Application | Linuxcontainers | LXC | * | * | * | *
14 | Application | Linuxfoundation | Runc | * | * | * | *
15 | Application | Linuxfoundation | Runc | 1.0.0 | RC3 | * | *
16 | Application | Linuxfoundation | Runc | 1.0.0 | RC4 | * | *
17 | Application | Linuxfoundation | Runc | 1.0.0 | RC5 | * | *
18 | Application | Linuxfoundation | Runc | 1.0.0 | RC6 | * | *
19 | Application | Linuxfoundation | Runc | 1.0.0 | RC1 | * | *
20 | Application | Linuxfoundation | Runc | 1.0.0 | RC2 | * | *
21 | Application | Microfocus | Service Management Automation | 2018.02 | * | * | *
22 | Application | Microfocus | Service Management Automation | 2018.05 | * | * | *
23 | Application | Microfocus | Service Management Automation | 2018.08 | * | * | *
24 | Application | Microfocus | Service Management Automation | 2018.11 | * | * | *
25 | Application | Netapp | Hci Management Node | - | * | * | *
26 | Application | Netapp | Solidfire | - | * | * | *
27 | Application | Opensuse | Backports Sle | 15.0 | - | * | *
28 | Application | Opensuse | Backports Sle | 15.0 | SP1 | * | *
29 | OS | Opensuse | Leap | 15.0 | * | * | *
30 | OS | Opensuse | Leap | 15.1 | * | * | *
31 | OS | Opensuse | Leap | 42.3 | * | * | *
32 | Application | Redhat | Container Development Kit | 3.7 | * | * | *
33 | OS | Redhat | Enterprise Linux | 8.0 | * | * | *
34 | OS | Redhat | Enterprise Linux Server | 7.0 | * | * | *
35 | Application | Redhat | Openshift | 3.4 | * | * | *
36 | Application | Redhat | Openshift | 3.5 | * | * | *
37 | Application | Redhat | Openshift | 3.6 | * | * | *
38 | Application | Redhat | Openshift | 3.7 | * | * | *

- Number Of Affected Versions By Product

Vendor | Product | Vulnerable Versions
Apache | Mesos | 1
Canonical | Ubuntu Linux | 4
D2iq | Dc/os | 1
D2iq | Kubernetes Engine | 1
Docker | Docker | 1
Fedoraproject | Fedora | 2
Google | Kubernetes Engine | 1
HP | Onesphere | 1
Linuxcontainers | LXC | 1
Linuxfoundation | Runc | 7
Microfocus | Service Management Automation | 4
Netapp | Hci Management Node | 1
Netapp | Solidfire | 1
Opensuse | Backports Sle | 2
Opensuse | Leap | 3
Redhat | Container Development Kit | 1
Redhat | Enterprise Linux | 1
Redhat | Enterprise Linux Server | 1
Redhat | Openshift | 4

- References For CVE-2019-5736

https://lists.apache.org/thread.html/[email protected]%3Cdev.dlab.apache.org%3E
MLIST [dlab-dev] 20190524 [jira] [Updated] (DLAB-723) Runc vulnerability CVE-2019-5736
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html
SUSE openSUSE-SU-2019:1275
https://lists.fedoraproject.org/archives/list/[email protected]/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/
FEDORA FEDORA-2019-bc70b381ad
https://lists.fedoraproject.org/archives/list/[email protected]/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/
FEDORA FEDORA-2019-6174b47003
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944 CONFIRM
http://www.openwall.com/lists/oss-security/2019/06/28/2
MLIST [oss-security] 20190628 Re: linux-distros membership application - Microsoft
http://www.openwall.com/lists/oss-security/2019/07/06/4
MLIST [oss-security] 20190706 Re: linux-distros membership application - Microsoft
http://www.openwall.com/lists/oss-security/2019/07/06/3
MLIST [oss-security] 20190706 Re: linux-distros membership application - Microsoft
http://www.openwall.com/lists/oss-security/2019/10/29/3
MLIST [oss-security] 20191029 Re: Membership application for linux-distros - VMware
https://security.gentoo.org/glsa/202003-21
GENTOO GLSA-202003-21
https://lists.apache.org/thread.html/[email protected]%3Cdev.dlab.apache.org%3E
MLIST [dlab-dev] 20200525 [jira] [Deleted] (DLAB-723) Runc vulnerability CVE-2019-5736
https://lists.apache.org/thread.html/[email protected]%3Cissues.geode.apache.org%3E
MLIST [geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12
http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html
SUSE openSUSE-SU-2019:2245
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html
SUSE openSUSE-SU-2019:2286
http://www.openwall.com/lists/oss-security/2019/10/24/1
MLIST [oss-security] 20191023 Membership application for linux-distros - VMware
https://usn.ubuntu.com/4048-1/
UBUNTU USN-4048-1
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html
SUSE openSUSE-SU-2019:2021
https://lists.fedoraproject.org/archives/list/[email protected]/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/
FEDORA FEDORA-2019-2baa1f7b19
https://access.redhat.com/errata/RHSA-2019:0975
REDHAT RHSA-2019:0975
https://lists.apache.org/thread.html/[email protected]%3Cdev.dlab.apache.org%3E
MLIST [dlab-dev] 20190923 [jira] [Assigned] (DLAB-723) Runc vulnerability CVE-2019-5736
https://lists.fedoraproject.org/archives/list/[email protected]/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/
FEDORA FEDORA-2019-c1dac1b3b8
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html
SUSE openSUSE-SU-2019:1506
https://access.redhat.com/errata/RHSA-2019:0303
REDHAT RHSA-2019:0303
https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/
https://github.com/rancher/runc-cve
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html
SUSE openSUSE-SU-2019:1481
https://www.openwall.com/lists/oss-security/2019/02/11/2
https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d
https://bugzilla.suse.com/show_bug.cgi?id=1121967
https://www.exploit-db.com/exploits/46359/
EXPLOIT-DB 46359
https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/
https://lists.apache.org/thread.html/[email protected]%3Cdev.mesos.apache.org%3E
MLIST [mesos-dev] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.
https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html
SUSE openSUSE-SU-2019:1499
https://access.redhat.com/security/vulnerabilities/runcescape
https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html
SUSE openSUSE-SU-2019:1227
https://lists.apache.org/thread.html/[email protected]%3Cdev.dlab.apache.org%3E
MLIST [dlab-dev] 20190524 [jira] [Created] (DLAB-723) Runc vulnerability CVE-2019-5736
https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003 CONFIRM
http://www.openwall.com/lists/oss-security/2019/03/23/1
MLIST [oss-security] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html
SUSE openSUSE-SU-2019:1079
https://lists.apache.org/thread.html/[email protected]%3Cuser.mesos.apache.org%3E
MLIST [mesos-user] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.
https://security.netapp.com/advisory/ntap-20190307-0008/ CONFIRM
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us CONFIRM
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc CISCO
https://www.synology.com/security/advisory/Synology_SA_19_06 CONFIRM
https://access.redhat.com/errata/RHSA-2019:0408
REDHAT RHSA-2019:0408
https://access.redhat.com/errata/RHSA-2019:0401
REDHAT RHSA-2019:0401
http://www.securityfocus.com/bid/106976
BID 106976 Opencontainers runc CVE-2019-5736 Local Command Execution Vulnerability Release Date:2019-03-22
https://www.exploit-db.com/exploits/46369/
EXPLOIT-DB 46369
https://github.com/q3k/cve-2019-5736-poc
https://github.com/Frichetten/CVE-2019-5736-PoC
https://access.redhat.com/errata/RHSA-2019:0304
REDHAT RHSA-2019:0304
https://brauner.github.io/2019/02/12/privileged-containers.html
https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html
SUSE openSUSE-SU-2019:1444
https://aws.amazon.com/security/security-bulletins/AWS-2019-002/
https://access.redhat.com/security/cve/cve-2019-5736
https://github.com/docker/docker-ce/releases/tag/v18.09.2
https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b
https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/
http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html

- Metasploit Modules Related To CVE-2019-5736

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)

