Vulnerabilities > CVE-2019-16884 - Incorrect Authorization vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE

Summary

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.

Vulnerable Configurations

Part Description Count
Application
Linuxfoundation
20
Application
Docker
156
Application
Redhat
2
OS
Fedoraproject
3
OS
Opensuse
2
OS
Redhat
8
OS
Canonical
2

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1234.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1234 advisory. - runc: AppArmor/SELinux bypass with malicious image that specifies a volume at /proc (CVE-2019-16884) - containers/image: Container images read entire image manifest into memory (CVE-2020-1702) - proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-01
    plugin id135084
    published2020-04-01
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135084
    titleRHEL 7 : docker (RHSA-2020:1234)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:1234. The text
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(135084);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/14");
    
      script_cve_id("CVE-2019-16884", "CVE-2020-1702", "CVE-2020-8945");
      script_xref(name:"RHSA", value:"2020:1234");
    
      script_name(english:"RHEL 7 : docker (RHSA-2020:1234)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Red Hat host is missing one or more security updates.");
      script_set_attribute(attribute:"description", value:
    "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as
    referenced in the RHSA-2020:1234 advisory.
    
      - runc: AppArmor/SELinux bypass with malicious image that
        specifies a volume at /proc (CVE-2019-16884)
    
      - containers/image: Container images read entire image
        manifest into memory (CVE-2020-1702)
    
      - proglottis/gpgme: Use-after-free in GPGME bindings
        during container image pull (CVE-2020-8945)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/41.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/400.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/416.html");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1234");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-16884");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-1702");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-8945");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1784228");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1795376");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1796451");
      script_set_attribute(attribute:"solution", value:
    "Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8945");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_cwe_id(41, 400, 416);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/01");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_extras_other:7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:docker");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:docker-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:docker-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:docker-logrotate");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:docker-lvm-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:docker-novolume-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:docker-rhel-push-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:docker-v1.10-migrator");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Red Hat Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('rpm.inc');
    
    if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item('Host/RedHat/release');
    if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);
    
    if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item('Host/cpu');
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
    
    pkgs = [
        {'reference':'docker-1.13.1-161.git64e9980.el7_8', 'cpu':'s390x', 'release':'7', 'epoch':'2'},
        {'reference':'docker-1.13.1-161.git64e9980.el7_8', 'cpu':'x86_64', 'release':'7', 'epoch':'2'},
        {'reference':'docker-client-1.13.1-161.git64e9980.el7_8', 'cpu':'s390x', 'release':'7', 'epoch':'2'},
        {'reference':'docker-client-1.13.1-161.git64e9980.el7_8', 'cpu':'x86_64', 'release':'7', 'epoch':'2'},
        {'reference':'docker-common-1.13.1-161.git64e9980.el7_8', 'cpu':'s390x', 'release':'7', 'epoch':'2'},
        {'reference':'docker-common-1.13.1-161.git64e9980.el7_8', 'cpu':'x86_64', 'release':'7', 'epoch':'2'},
        {'reference':'docker-logrotate-1.13.1-161.git64e9980.el7_8', 'cpu':'s390x', 'release':'7', 'epoch':'2'},
        {'reference':'docker-logrotate-1.13.1-161.git64e9980.el7_8', 'cpu':'x86_64', 'release':'7', 'epoch':'2'},
        {'reference':'docker-lvm-plugin-1.13.1-161.git64e9980.el7_8', 'cpu':'s390x', 'release':'7', 'epoch':'2'},
        {'reference':'docker-lvm-plugin-1.13.1-161.git64e9980.el7_8', 'cpu':'x86_64', 'release':'7', 'epoch':'2'},
        {'reference':'docker-novolume-plugin-1.13.1-161.git64e9980.el7_8', 'cpu':'s390x', 'release':'7', 'epoch':'2'},
        {'reference':'docker-novolume-plugin-1.13.1-161.git64e9980.el7_8', 'cpu':'x86_64', 'release':'7', 'epoch':'2'},
        {'reference':'docker-rhel-push-plugin-1.13.1-161.git64e9980.el7_8', 'cpu':'s390x', 'release':'7', 'epoch':'2'},
        {'reference':'docker-rhel-push-plugin-1.13.1-161.git64e9980.el7_8', 'cpu':'x86_64', 'release':'7', 'epoch':'2'},
        {'reference':'docker-v1.10-migrator-1.13.1-161.git64e9980.el7_8', 'cpu':'s390x', 'release':'7', 'epoch':'2'},
        {'reference':'docker-v1.10-migrator-1.13.1-161.git64e9980.el7_8', 'cpu':'x86_64', 'release':'7', 'epoch':'2'}
    ];
    
    flag = 0;
    foreach package_array ( pkgs ) {
      reference = NULL;
      release = NULL;
      sp = NULL;
      cpu = NULL;
      el_string = NULL;
      rpm_spec_vers_cmp = NULL;
      epoch = NULL;
      if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
      if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
      if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
      if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
      if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
      if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
      if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
      if (reference && release) {
        if (rpm_spec_vers_cmp) {
          if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++;
        }
        else
        {
          if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++;
        }
      }
    }
    
    if (flag)
    {
      security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'docker / docker-client / docker-common / etc');
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2810-1.NASL
    descriptionThis update for runc fixes the following issues : Security issue fixed : CVE-2019-16884: Fixed an LSM bypass via malicious Docker images that mount over a /proc directory. (bsc#1152308) Non-security issues fixed: Includes upstreamed patches for regressions (bsc#1131314 bsc#1131553). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130391
    published2019-10-30
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130391
    titleSUSE SLES15 Security Update : runc (SUSE-SU-2019:2810-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:2810-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(130391);
      script_version("1.3");
      script_cvs_date("Date: 2019/12/17");
    
      script_cve_id("CVE-2019-16884");
    
      script_name(english:"SUSE SLES15 Security Update : runc (SUSE-SU-2019:2810-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for runc fixes the following issues :
    
    Security issue fixed :
    
    CVE-2019-16884: Fixed an LSM bypass via malicious Docker images that
    mount over a /proc directory. (bsc#1152308)
    
    Non-security issues fixed: Includes upstreamed patches for regressions
    (bsc#1131314 bsc#1131553).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1131314"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1131553"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1152308"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-16884/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20192810-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4a2ab83b"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Module for Open Buildservice Development Tools
    15-SP1:zypper in -t patch
    SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2810=1
    
    SUSE Linux Enterprise Module for Containers 15-SP1:zypper in -t patch
    SUSE-SLE-Module-Containers-15-SP1-2019-2810=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:runc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:runc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/10/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/30");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES15", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES15" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES15", sp:"1", reference:"runc-1.0.0~rc8-1.6.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"runc-debuginfo-1.0.0~rc8-1.6.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "runc");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-2_0-0241_DOCKER.NASL
    descriptionAn update of the docker package has been released.
    last seen2020-05-18
    modified2020-05-13
    plugin id136568
    published2020-05-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136568
    titlePhoton OS 2.0: Docker PHSA-2020-2.0-0241
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2020-2.0-0241. The text
    # itself is copyright (C) VMware, Inc.
    
    
    include('compat.inc');
    
    if (description)
    {
      script_id(136568);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/15");
    
      script_cve_id("CVE-2019-16884");
    
      script_name(english:"Photon OS 2.0: Docker PHSA-2020-2.0-0241");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the docker package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-241.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-16884");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/05/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/13");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:docker");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-2.0", cpu:"x86_64", reference:"docker-18.06.2-10.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", cpu:"x86_64", reference:"docker-doc-18.06.2-10.ph2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "docker");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2418.NASL
    descriptionThis update for docker-runc fixes the following issues : - CVE-2019-16884: Fixed an LSM bypass via malicious Docker images that mount over a /proc directory. (bsc#1152308) This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id130448
    published2019-11-01
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130448
    titleopenSUSE Security Update : docker-runc (openSUSE-2019-2418)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-2418.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(130448);
      script_version("1.3");
      script_cvs_date("Date: 2019/12/17");
    
      script_cve_id("CVE-2019-16884");
    
      script_name(english:"openSUSE Security Update : docker-runc (openSUSE-2019-2418)");
      script_summary(english:"Check for the openSUSE-2019-2418 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for docker-runc fixes the following issues :
    
      - CVE-2019-16884: Fixed an LSM bypass via malicious Docker
        images that mount over a /proc directory. (bsc#1152308)
    
    This update was imported from the SUSE:SLE-15:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1152308"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected docker-runc packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/10/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"docker-runc-1.0.0rc8+gitr3826_425e105d5a03-lp150.5.28.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"docker-runc-debuginfo-1.0.0rc8+gitr3826_425e105d5a03-lp150.5.28.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "docker-runc / docker-runc-debuginfo");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3940.NASL
    descriptionAn update for runc is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat
    last seen2020-06-01
    modified2020-06-02
    plugin id131217
    published2019-11-22
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131217
    titleRHEL 8 : OpenShift Container Platform 4.1.24 runc (RHSA-2019:3940)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2019:3940. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131217);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/09");
    
      script_cve_id("CVE-2019-16884");
      script_xref(name:"RHSA", value:"2019:3940");
    
      script_name(english:"RHEL 8 : OpenShift Container Platform 4.1.24 runc (RHSA-2019:3940)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for runc is now available for Red Hat OpenShift Container
    Platform 4.1.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Red Hat OpenShift Container Platform is Red Hat's cloud computing
    Kubernetes application platform solution designed for on-premise or
    private cloud deployments.
    
    This advisory contains the runC container image for Red Hat OpenShift
    Container Platform 4.1.24. The runC tool is a lightweight, portable
    implementation of the Open Container Format (OCF) that provides a
    container runtime.
    
    Security Fix(es) :
    
    * runc: AppArmor/SELinux bypass with malicious image that specifies a
    volume at the /proc directory (CVE-2019-16884)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2019:3940"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-16884"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected runc package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:runc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/22");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 8.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2019:3940";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"runc-1.0.0-62.rc8.rhaos4.1.git3cbe540.el8")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "runc");
      }
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2786-1.NASL
    descriptionThis update for docker-runc fixes the following issues : CVE-2019-16884: Fixed an LSM bypass via malicious Docker images that mount over a /proc directory. (bsc#1152308) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130345
    published2019-10-28
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130345
    titleSUSE SLED15 / SLES15 Security Update : docker-runc (SUSE-SU-2019:2786-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:2786-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(130345);
      script_version("1.3");
      script_cvs_date("Date: 2019/12/17");
    
      script_cve_id("CVE-2019-16884");
    
      script_name(english:"SUSE SLED15 / SLES15 Security Update : docker-runc (SUSE-SU-2019:2786-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for docker-runc fixes the following issues :
    
    CVE-2019-16884: Fixed an LSM bypass via malicious Docker images that
    mount over a /proc directory. (bsc#1152308)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1152308"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-16884/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20192786-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?64c20836"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Module for Open Buildservice Development Tools
    15-SP1:zypper in -t patch
    SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2786=1
    
    SUSE Linux Enterprise Module for Containers 15-SP1:zypper in -t patch
    SUSE-SLE-Module-Containers-15-SP1-2019-2786=1
    
    SUSE Linux Enterprise Module for Containers 15:zypper in -t patch
    SUSE-SLE-Module-Containers-15-2019-2786=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:docker-runc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:docker-runc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:docker-runc-kubic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:docker-runc-kubic-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/10/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES15" && (! preg(pattern:"^(0|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0/1", os_ver + " SP" + sp);
    if (os_ver == "SLED15" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES15", sp:"1", reference:"docker-runc-kubic-1.0.0rc8+gitr3826_425e105d5a03-6.24.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"docker-runc-kubic-debuginfo-1.0.0rc8+gitr3826_425e105d5a03-6.24.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"docker-runc-1.0.0rc8+gitr3826_425e105d5a03-6.24.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"docker-runc-debuginfo-1.0.0rc8+gitr3826_425e105d5a03-6.24.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"docker-runc-1.0.0rc8+gitr3826_425e105d5a03-6.24.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"docker-runc-debuginfo-1.0.0rc8+gitr3826_425e105d5a03-6.24.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"docker-runc-kubic-1.0.0rc8+gitr3826_425e105d5a03-6.24.1")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"docker-runc-kubic-debuginfo-1.0.0rc8+gitr3826_425e105d5a03-6.24.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "docker-runc");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-1_0-0292_DOCKER.NASL
    descriptionAn update of the docker package has been released.
    last seen2020-05-18
    modified2020-05-13
    plugin id136552
    published2020-05-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136552
    titlePhoton OS 1.0: Docker PHSA-2020-1.0-0292
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2020-1.0-0292. The text
    # itself is copyright (C) VMware, Inc.
    
    
    include('compat.inc');
    
    if (description)
    {
      script_id(136552);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/15");
    
      script_cve_id("CVE-2019-13139", "CVE-2019-13509", "CVE-2019-16884");
      script_bugtraq_id(109253);
    
      script_name(english:"Photon OS 1.0: Docker PHSA-2020-1.0-0292");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the docker package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-292.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-16884");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/05/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/13");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:docker");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"docker-18.09.9-2.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"docker-doc-18.09.9-2.ph1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "docker");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-3_0-0088_DOCKER.NASL
    descriptionAn update of the docker package has been released.
    last seen2020-05-18
    modified2020-05-13
    plugin id136576
    published2020-05-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136576
    titlePhoton OS 3.0: Docker PHSA-2020-3.0-0088
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2020-3.0-0088. The text
    # itself is copyright (C) VMware, Inc.
    
    
    include('compat.inc');
    
    if (description)
    {
      script_id(136576);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/15");
    
      script_cve_id("CVE-2019-16884");
    
      script_name(english:"Photon OS 3.0: Docker PHSA-2020-3.0-0088");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the docker package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-3.0-88.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-16884");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/05/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/13");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:docker");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:3.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 3\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 3.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-3.0", cpu:"x86_64", reference:"docker-18.06.2-12.ph3")) flag++;
    if (rpm_check(release:"PhotonOS-3.0", cpu:"x86_64", reference:"docker-doc-18.06.2-12.ph3")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "docker");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-BD4843561C.NASL
    descriptionResolves: #1757214, #1757290 - CVE-2019-16884 ---- add patch for cgroupsv2 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id129702
    published2019-10-08
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129702
    titleFedora 31 : 2:runc (2019-bd4843561c)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2019-bd4843561c.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(129702);
      script_version("1.3");
      script_cvs_date("Date: 2019/12/19");
    
      script_cve_id("CVE-2019-16884");
      script_xref(name:"FEDORA", value:"2019-bd4843561c");
    
      script_name(english:"Fedora 31 : 2:runc (2019-bd4843561c)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Resolves: #1757214, #1757290 - CVE-2019-16884
    
    ----
    
    add patch for cgroupsv2
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-bd4843561c"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected 2:runc package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:2:runc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:31");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/10/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^31([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 31", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC31", reference:"runc-1.0.0-101.rc9.gitc1485a1.fc31", epoch:"2")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "2:runc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2020-45.NASL
    descriptionThis update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues : Security issue fixed : - CVE-2019-16884: Fixed incomplete patch for LSM bypass via malicious Docker image that mount over a /proc directory (bsc#1152308). Bug fixes : - Update to Docker 19.03.5-ce (bsc#1158590). - Update to Docker 19.03.3-ce (bsc#1153367). - Update to Docker 19.03.2-ce (bsc#1150397). - Fixed default installation such that --userns-remap=default works properly (bsc#1143349). - Fixed nginx blocked by apparmor (bsc#1122469). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id132914
    published2020-01-15
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132914
    titleopenSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2020-45)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2020-45.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(132914);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/17");
    
      script_cve_id("CVE-2019-16884");
    
      script_name(english:"openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2020-45)");
      script_summary(english:"Check for the openSUSE-2020-45 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for containerd, docker, docker-runc,
    golang-github-docker-libnetwork fixes the following issues :
    
    Security issue fixed :
    
      - CVE-2019-16884: Fixed incomplete patch for LSM bypass
        via malicious Docker image that mount over a /proc
        directory (bsc#1152308). 
    
    Bug fixes :
    
      - Update to Docker 19.03.5-ce (bsc#1158590).
    
      - Update to Docker 19.03.3-ce (bsc#1153367).
    
      - Update to Docker 19.03.2-ce (bsc#1150397).
    
      - Fixed default installation such that
        --userns-remap=default works properly (bsc#1143349).
    
      - Fixed nginx blocked by apparmor (bsc#1122469).
    
    This update was imported from the SUSE:SLE-15:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1122469"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1143349"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1150397"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1152308"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1153367"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158590"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected containerd / docker / docker-runc / etc packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:containerd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:containerd-ctr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-bash-completion");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-libnetwork");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-libnetwork-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-test");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-test-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-zsh-completion");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:golang-github-docker-libnetwork");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/15");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.1", reference:"containerd-1.2.10-lp151.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"containerd-ctr-1.2.10-lp151.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"docker-19.03.5_ce-lp151.2.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"docker-bash-completion-19.03.5_ce-lp151.2.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"docker-debuginfo-19.03.5_ce-lp151.2.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"docker-libnetwork-0.7.0.1+gitr2877_3eb39382bfa6-lp151.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"docker-libnetwork-debuginfo-0.7.0.1+gitr2877_3eb39382bfa6-lp151.2.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"docker-runc-1.0.0rc8+gitr3917_3e425f80a8c9-lp151.3.12.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"docker-runc-debuginfo-1.0.0rc8+gitr3917_3e425f80a8c9-lp151.3.12.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"docker-test-19.03.5_ce-lp151.2.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"docker-test-debuginfo-19.03.5_ce-lp151.2.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"docker-zsh-completion-19.03.5_ce-lp151.2.15.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"golang-github-docker-libnetwork-0.7.0.1+gitr2877_3eb39382bfa6-lp151.2.9.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "containerd / containerd-ctr / docker-runc / docker-runc-debuginfo / etc");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-96946C39DD.NASL
    descriptionResolves: #1757214, #1757290 - CVE-2019-16884 ---- add patch for cgroupsv2 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id129952
    published2019-10-16
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129952
    titleFedora 30 : 2:runc (2019-96946c39dd)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-3FC86A518B.NASL
    descriptionResolves: #1757214, #1757290 - CVE-2019-16884 ---- add patch for cgroupsv2 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id129951
    published2019-10-16
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129951
    titleFedora 29 : 2:runc (2019-3fc86a518b)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-4269.NASL
    descriptionFrom Red Hat Security Advisory 2019:4269 : An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es) : * HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512) * HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514) * runc: AppArmor/SELinux bypass with malicious image that specifies a volume at /proc (CVE-2019-16884) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * avc: podman run --security-opt label=type:svirt_qemu_net_t (BZ#1764318) * backport json-file logging support to 1.4.2 (BZ#1770176) * Selinux won
    last seen2020-06-01
    modified2020-06-02
    plugin id132667
    published2020-01-06
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132667
    titleOracle Linux 8 : container-tools:ol8 (ELSA-2019-4269) (Ping Flood) (Reset Flood)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-4269.NASL
    descriptionAn update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es) : * HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512) * HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514) * runc: AppArmor/SELinux bypass with malicious image that specifies a volume at /proc (CVE-2019-16884) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * avc: podman run --security-opt label=type:svirt_qemu_net_t (BZ#1764318) * backport json-file logging support to 1.4.2 (BZ#1770176) * Selinux won
    last seen2020-05-23
    modified2019-12-18
    plugin id132234
    published2019-12-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132234
    titleRHEL 8 : container-tools:rhel8 (RHSA-2019:4269) (Ping Flood) (Reset Flood)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0035-1.NASL
    descriptionThis update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues : Security issue fixed : CVE-2019-16884: Fixed incomplete patch for LSM bypass via malicious Docker image that mount over a /proc directory (bsc#1152308). Bug fixes: Update to Docker 19.03.5-ce (bsc#1158590). Update to Docker 19.03.3-ce (bsc#1153367). Update to Docker 19.03.2-ce (bsc#1150397). Fixed default installation such that --userns-remap=default works properly (bsc#1143349). Fixed nginx blocked by apparmor (bsc#1122469). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id132743
    published2020-01-09
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132743
    titleSUSE SLED15 / SLES15 Security Update : containerd, docker, docker-runc, golang-github-docker-libnetwork (SUSE-SU-2020:0035-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4297-1.NASL
    descriptionIt was discovered that runC incorrectly checked mount targets. An attacker with a malicious container image could possibly mount over the /proc directory and escalate privileges. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-16884) It was discovered that runC incorrectly performed access control. An attacker could possibly use this issue to escalate privileges. (CVE-2019-19921). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2020-03-10
    plugin id134367
    published2020-03-10
    reporterUbuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134367
    titleUbuntu 18.04 LTS / 19.10 : runc vulnerabilities (USN-4297-1)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-202003-21.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-202003-21 (runC: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in runC. Please review the CVE identifiers referenced below for details. Impact : An attacker, by running a malicious Docker image, could escape the container, bypass security restrictions, escalate privileges or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-03-19
    modified2020-03-16
    plugin id134598
    published2020-03-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134598
    titleGLSA-202003-21 : runC: Multiple vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-4074.NASL
    descriptionAn update for runc is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat
    last seen2020-06-01
    modified2020-06-02
    plugin id131678
    published2019-12-04
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131678
    titleRHEL 8 : OpenShift Container Platform 4.2 runc (RHSA-2019:4074)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2434.NASL
    descriptionThis update for docker-runc fixes the following issues : - CVE-2019-16884: Fixed an LSM bypass via malicious Docker images that mount over a /proc directory. (bsc#1152308) This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id130577
    published2019-11-06
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130577
    titleopenSUSE Security Update : docker-runc (openSUSE-2019-2434)

Redhat

advisories
  • rhsa
    idRHSA-2019:3940
  • rhsa
    idRHSA-2019:4074
  • rhsa
    idRHSA-2019:4269
rpms
  • runc-0:1.0.0-67.rc10.el7_8
  • runc-debuginfo-0:1.0.0-67.rc10.el7_8
  • runc-0:1.0.0-62.rc8.rhaos4.1.git3cbe540.el8
  • runc-debuginfo-0:1.0.0-62.rc8.rhaos4.1.git3cbe540.el8
  • runc-debugsource-0:1.0.0-62.rc8.rhaos4.1.git3cbe540.el8
  • runc-0:1.0.0-63.rc8.el8
  • runc-debuginfo-0:1.0.0-63.rc8.el8
  • runc-debugsource-0:1.0.0-63.rc8.el8
  • buildah-0:1.9.0-5.module+el8.1.0+4240+893c1ab8
  • buildah-debuginfo-0:1.9.0-5.module+el8.1.0+4240+893c1ab8
  • buildah-debugsource-0:1.9.0-5.module+el8.1.0+4240+893c1ab8
  • buildah-tests-0:1.9.0-5.module+el8.1.0+4240+893c1ab8
  • buildah-tests-debuginfo-0:1.9.0-5.module+el8.1.0+4240+893c1ab8
  • cockpit-podman-0:4-1.module+el8.1.0+4081+b29780af
  • container-selinux-2:2.123.0-2.module+el8.1.0+4900+9d7326b8
  • containernetworking-plugins-0:0.8.1-3.module+el8.1.0+4881+045289ee
  • containernetworking-plugins-debuginfo-0:0.8.1-3.module+el8.1.0+4881+045289ee
  • containernetworking-plugins-debugsource-0:0.8.1-3.module+el8.1.0+4881+045289ee
  • containers-common-1:0.1.37-6.module+el8.1.0+4876+e678a192
  • fuse-overlayfs-0:0.4.1-1.module+el8.1.0+4081+b29780af
  • fuse-overlayfs-debuginfo-0:0.4.1-1.module+el8.1.0+4081+b29780af
  • fuse-overlayfs-debugsource-0:0.4.1-1.module+el8.1.0+4081+b29780af
  • oci-systemd-hook-1:0.1.15-2.git2d0b8a3.module+el8.1.0+4081+b29780af
  • oci-systemd-hook-debuginfo-1:0.1.15-2.git2d0b8a3.module+el8.1.0+4081+b29780af
  • oci-systemd-hook-debugsource-1:0.1.15-2.git2d0b8a3.module+el8.1.0+4081+b29780af
  • oci-umount-2:2.3.4-2.git87f9237.module+el8.1.0+4081+b29780af
  • oci-umount-debuginfo-2:2.3.4-2.git87f9237.module+el8.1.0+4081+b29780af
  • oci-umount-debugsource-2:2.3.4-2.git87f9237.module+el8.1.0+4081+b29780af
  • podman-0:1.4.2-6.module+el8.1.0+4830+f49150d7
  • podman-debuginfo-0:1.4.2-6.module+el8.1.0+4830+f49150d7
  • podman-debugsource-0:1.4.2-6.module+el8.1.0+4830+f49150d7
  • podman-docker-0:1.4.2-6.module+el8.1.0+4830+f49150d7
  • podman-manpages-0:1.4.2-6.module+el8.1.0+4830+f49150d7
  • podman-remote-0:1.4.2-6.module+el8.1.0+4830+f49150d7
  • podman-remote-debuginfo-0:1.4.2-6.module+el8.1.0+4830+f49150d7
  • podman-tests-0:1.4.2-6.module+el8.1.0+4830+f49150d7
  • python-podman-api-0:1.2.0-0.1.gitd0a45fe.module+el8.1.0+4081+b29780af
  • runc-0:1.0.0-61.rc8.module+el8.1.0+4873+4a24e241
  • runc-debuginfo-0:1.0.0-61.rc8.module+el8.1.0+4873+4a24e241
  • runc-debugsource-0:1.0.0-61.rc8.module+el8.1.0+4873+4a24e241
  • skopeo-1:0.1.37-6.module+el8.1.0+4876+e678a192
  • skopeo-debuginfo-1:0.1.37-6.module+el8.1.0+4876+e678a192
  • skopeo-debugsource-1:0.1.37-6.module+el8.1.0+4876+e678a192
  • skopeo-tests-1:0.1.37-6.module+el8.1.0+4876+e678a192
  • slirp4netns-0:0.3.0-4.module+el8.1.0+4306+1d917805
  • slirp4netns-debuginfo-0:0.3.0-4.module+el8.1.0+4306+1d917805
  • slirp4netns-debugsource-0:0.3.0-4.module+el8.1.0+4306+1d917805
  • toolbox-0:0.0.4-1.module+el8.1.0+4081+b29780af
  • docker-2:1.13.1-161.git64e9980.el7_8
  • docker-client-2:1.13.1-161.git64e9980.el7_8
  • docker-common-2:1.13.1-161.git64e9980.el7_8
  • docker-debuginfo-2:1.13.1-161.git64e9980.el7_8
  • docker-logrotate-2:1.13.1-161.git64e9980.el7_8
  • docker-lvm-plugin-2:1.13.1-161.git64e9980.el7_8
  • docker-novolume-plugin-2:1.13.1-161.git64e9980.el7_8
  • docker-rhel-push-plugin-2:1.13.1-161.git64e9980.el7_8
  • docker-v1.10-migrator-2:1.13.1-161.git64e9980.el7_8

References