Vulnerabilities > CVE-2019-19921 - Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products

047910
CVSS 7.0 - HIGH
Attack vector
LOCAL
Attack complexity
HIGH
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH

Summary

runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Leveraging/Manipulating Configuration File Search Paths
    This attack loads a malicious resource into a program's standard path used to bootstrap and/or provide contextual information for a program like a path variable or classpath. J2EE applications and other component based applications that are built from multiple binaries can have very long list of dependencies to execute. If one of these libraries and/or references is controllable by the attacker then application controls can be circumvented by the attacker. A standard UNIX path looks similar to this If the attacker modifies the path variable to point to a locale that includes malicious resources then the user unwittingly can execute commands on the attackers' behalf: This is a form of usurping control of the program and the attack can be done on the classpath, database resources, or any other resources built from compound parts. At runtime detection and blocking of this attack is nearly impossible, because the configuration allows execution.
  • DLL Search Order Hijacking
    The attacker exploits the functionality of the Windows DLL loader where the process loading the DLL searches for the DLL to be loaded first in the same directory in which the process binary resides and then in other directories (e.g., System32). Exploitation of this preferential search order can allow an attacker to make the loading process load the attackers' rogue DLL rather than the legitimate DLL. For instance, an attacker with access to the file system may place a malicious ntshrui.dll in the C:\Windows directory. This DLL normally resides in the System32 folder. Process explorer.exe which also resides in C:\Windows, upon trying to load the ntshrui.dll from the System32 folder will actually load the DLL supplied by the attacker simply because of the preferential search order. Since the attacker has placed its malicious ntshrui.dll in the same directory as the loading explorer.exe process, the DLL supplied by the attacker will be found first and thus loaded in lieu of the legitimate DLL. Since explorer.exe is loaded during the boot cycle, the attackers' malware is guaranteed to execute. This attack can be leveraged with many different DLLs and with many different loading processes. No forensic trails are left in the system's registry or file system that an incorrect DLL had been loaded.
  • Passing Local Filenames to Functions That Expect a URL
    This attack relies on client side code to access local files and resources instead of URLs. When the client browser is expecting a URL string, but instead receives a request for a local file, that execution is likely to occur in the browser process space with the browser's authority to local files. The attacker can send the results of this request to the local files out to a site that they control. This attack may be used to steal sensitive authentication data (either local or remote), or to gain system profile information to launch further attacks.

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2020-B2C1F6CC75.NASL
    descriptionResolves: #1796107, #1796109 - Security fix for CVE-2019-19921 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2020-02-10
    plugin id133581
    published2020-02-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133581
    titleFedora 30 : 2:runc (2020-b2c1f6cc75)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2020-b2c1f6cc75.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(133581);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/27");
    
      script_cve_id("CVE-2019-19921");
      script_xref(name:"FEDORA", value:"2020-b2c1f6cc75");
    
      script_name(english:"Fedora 30 : 2:runc (2020-b2c1f6cc75)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Resolves: #1796107, #1796109 - Security fix for CVE-2019-19921
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2020-b2c1f6cc75"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected 2:runc package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19921");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:2:runc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/02/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/10");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC30", reference:"runc-1.0.0-102.dev.gitdc9208a.fc30", epoch:"2")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "2:runc");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2020-1358.NASL
    descriptionrunc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.) (CVE-2019-19921)
    last seen2020-04-30
    modified2020-04-24
    plugin id135934
    published2020-04-24
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135934
    titleAmazon Linux AMI : runc (ALAS-2020-1358)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2020-1358.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(135934);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/28");
    
      script_cve_id("CVE-2019-19921");
      script_xref(name:"ALAS", value:"2020-1358");
    
      script_name(english:"Amazon Linux AMI : runc (ALAS-2020-1358)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "runc through 1.0.0-rc9 has Incorrect Access Control leading to
    Escalation of Privileges, related to libcontainer/rootfs_linux.go. To
    exploit this, an attacker must be able to spawn two containers with
    custom volume-mount configurations, and be able to run custom images.
    (This vulnerability does not affect Docker due to an implementation
    detail that happens to block the attack.) (CVE-2019-19921)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2020-1358.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update runc' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:runc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:runc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", cpu:"x86_64", reference:"runc-1.0.0-0.1.20200204.gitdc9208a.1.amzn1")) flag++;
    if (rpm_check(release:"ALA", cpu:"x86_64", reference:"runc-debuginfo-1.0.0-0.1.20200204.gitdc9208a.1.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "runc / runc-debuginfo");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0688.NASL
    descriptionRed Hat OpenShift Container Platform release 4.2.22 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat
    last seen2020-03-18
    modified2020-03-11
    plugin id134391
    published2020-03-11
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134391
    titleRHEL 8 : OpenShift Container Platform 4.2.22 runc (RHSA-2020:0688)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2020:0688. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(134391);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/13");
    
      script_cve_id("CVE-2019-19921");
      script_xref(name:"RHSA", value:"2020:0688");
    
      script_name(english:"RHEL 8 : OpenShift Container Platform 4.2.22 runc (RHSA-2020:0688)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Red Hat OpenShift Container Platform release 4.2.22 is now available
    with updates to packages and images that fix several bugs and add
    enhancements.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Red Hat OpenShift Container Platform is Red Hat's cloud computing
    Kubernetes application platform solution designed for on-premise or
    private cloud deployments.
    
    Security Fix(es) :
    
    * runc: volume mount race condition with shared mounts led to
    information leak/integrity manipulation (CVE-2019-19921)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2020:0688"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-19921"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected runc, runc-debuginfo and / or runc-debugsource
    packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:runc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:runc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:runc-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/03/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 8.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2020:0688";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"runc-1.0.0-63.rc10.rhaos4.2.gitdc9208a.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"runc-1.0.0-63.rc10.rhaos4.2.gitdc9208a.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"runc-debuginfo-1.0.0-63.rc10.rhaos4.2.gitdc9208a.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"runc-debuginfo-1.0.0-63.rc10.rhaos4.2.gitdc9208a.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"runc-debugsource-1.0.0-63.rc10.rhaos4.2.gitdc9208a.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"runc-debugsource-1.0.0-63.rc10.rhaos4.2.gitdc9208a.el8")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "runc / runc-debuginfo / runc-debugsource");
      }
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0942.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:0942 advisory. - runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation (CVE-2019-19921) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-03-24
    plugin id134836
    published2020-03-24
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134836
    titleRHEL 7 : runc (RHSA-2020:0942)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1650.NASL
    descriptionThe remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1650 advisory. - runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation (CVE-2019-19921) - containers/image: Container images read entire image manifest into memory (CVE-2020-1702) - podman: incorrectly allows existing files in volumes to be overwritten by a container when it is created (CVE-2020-1726) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-05-21
    modified2020-04-28
    plugin id136053
    published2020-04-28
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136053
    titleRHEL 8 : container-tools:rhel8 (RHSA-2020:1650)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0375-1.NASL
    descriptionThis update for docker-runc fixes the following issues : CVE-2019-19921: Fixed a volume mount race condition with shared mounts (bsc#1160452). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2020-02-10
    plugin id133602
    published2020-02-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133602
    titleSUSE SLED15 / SLES15 Security Update : docker-runc (SUSE-SU-2020:0375-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4297-1.NASL
    descriptionIt was discovered that runC incorrectly checked mount targets. An attacker with a malicious container image could possibly mount over the /proc directory and escalate privileges. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-16884) It was discovered that runC incorrectly performed access control. An attacker could possibly use this issue to escalate privileges. (CVE-2019-19921). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2020-03-10
    plugin id134367
    published2020-03-10
    reporterUbuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134367
    titleUbuntu 18.04 LTS / 19.10 : runc vulnerabilities (USN-4297-1)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-3_0-0102_RUNC.NASL
    descriptionAn update of the runc package has been released.
    last seen2020-06-10
    modified2020-06-07
    plugin id137201
    published2020-06-07
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137201
    titlePhoton OS 3.0: Runc PHSA-2020-3.0-0102
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-202003-21.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-202003-21 (runC: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in runC. Please review the CVE identifiers referenced below for details. Impact : An attacker, by running a malicious Docker image, could escape the container, bypass security restrictions, escalate privileges or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-03-19
    modified2020-03-16
    plugin id134598
    published2020-03-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134598
    titleGLSA-202003-21 : runC: Multiple vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2020-46ECC60897.NASL
    descriptionResolves: #1796107, #1796109 - Security fix for CVE-2019-19921 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2020-02-10
    plugin id133569
    published2020-02-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133569
    titleFedora 31 : 2:runc (2020-46ecc60897)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0695.NASL
    descriptionRed Hat OpenShift Container Platform release 4.1.38 is now available with updates to packages and images that fix several bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat
    last seen2020-06-01
    modified2020-06-02
    plugin id134557
    published2020-03-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134557
    titleRHEL 8 : OpenShift Container Platform 4.1.38 (RHSA-2020:0695)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0944-1.NASL
    descriptionThis update for runc fixes the following issues : runc was updated to v1.0.0~rc10 CVE-2019-19921: Fixed a mount race condition with shared mounts (bsc#1160452). Fixed an issue where podman run hangs when spawned by salt-minion process (bsc#1149954). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-04-16
    modified2020-04-08
    plugin id135281
    published2020-04-08
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135281
    titleSUSE SLES15 Security Update : runc (SUSE-SU-2020:0944-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2020-219.NASL
    descriptionThis update for docker-runc fixes the following issues : - CVE-2019-19921: Fixed a volume mount race condition with shared mounts (bsc#1160452). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-03-18
    modified2020-02-14
    plugin id133714
    published2020-02-14
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133714
    titleopenSUSE Security Update : docker-runc (openSUSE-2020-219)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1485.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1485 advisory. - runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation (CVE-2019-19921) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-30
    modified2020-04-21
    plugin id135769
    published2020-04-21
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135769
    titleRHEL 7 : OpenShift Container Platform 4.3.13 runc (RHSA-2020:1485)

Redhat

advisories
  • rhsa
    idRHSA-2020:0688
  • rhsa
    idRHSA-2020:0695
rpms
  • runc-0:1.0.0-63.rc10.rhaos4.2.gitdc9208a.el8
  • runc-debuginfo-0:1.0.0-63.rc10.rhaos4.2.gitdc9208a.el8
  • runc-debugsource-0:1.0.0-63.rc10.rhaos4.2.gitdc9208a.el8
  • runc-0:1.0.0-63.rc8.rhaos4.1.git3cbe540.el8_0
  • runc-debuginfo-0:1.0.0-63.rc8.rhaos4.1.git3cbe540.el8_0
  • runc-debugsource-0:1.0.0-63.rc8.rhaos4.1.git3cbe540.el8_0
  • runc-0:1.0.0-66.rc8.el7_7
  • runc-debuginfo-0:1.0.0-66.rc8.el7_7
  • runc-0:1.0.0-66.rc10.rhaos4.3.el7_8
  • runc-debuginfo-0:1.0.0-66.rc10.rhaos4.3.el7_8
  • buildah-0:1.11.6-7.module+el8.2.0+5856+b8046c6d
  • buildah-debuginfo-0:1.11.6-7.module+el8.2.0+5856+b8046c6d
  • buildah-debugsource-0:1.11.6-7.module+el8.2.0+5856+b8046c6d
  • buildah-tests-0:1.11.6-7.module+el8.2.0+5856+b8046c6d
  • buildah-tests-debuginfo-0:1.11.6-7.module+el8.2.0+5856+b8046c6d
  • cockpit-podman-0:12-1.module+el8.2.0+5950+6d183a6a
  • conmon-2:2.0.6-1.module+el8.2.0+5182+3136e5d4
  • container-selinux-2:2.124.0-1.module+el8.2.0+5182+3136e5d4
  • containernetworking-plugins-0:0.8.3-5.module+el8.2.0+5201+6b31f0d9
  • containernetworking-plugins-debuginfo-0:0.8.3-5.module+el8.2.0+5201+6b31f0d9
  • containernetworking-plugins-debugsource-0:0.8.3-5.module+el8.2.0+5201+6b31f0d9
  • containers-common-1:0.1.40-10.module+el8.2.0+5955+6cd70ceb
  • crit-0:3.12-9.module+el8.2.0+5029+3ac48e7d
  • criu-0:3.12-9.module+el8.2.0+5029+3ac48e7d
  • criu-debuginfo-0:3.12-9.module+el8.2.0+5029+3ac48e7d
  • criu-debugsource-0:3.12-9.module+el8.2.0+5029+3ac48e7d
  • fuse-overlayfs-0:0.7.2-5.module+el8.2.0+6060+9dbc027d
  • fuse-overlayfs-debuginfo-0:0.7.2-5.module+el8.2.0+6060+9dbc027d
  • fuse-overlayfs-debugsource-0:0.7.2-5.module+el8.2.0+6060+9dbc027d
  • podman-0:1.6.4-10.module+el8.2.0+6063+e761893a
  • podman-debuginfo-0:1.6.4-10.module+el8.2.0+6063+e761893a
  • podman-debugsource-0:1.6.4-10.module+el8.2.0+6063+e761893a
  • podman-docker-0:1.6.4-10.module+el8.2.0+6063+e761893a
  • podman-remote-0:1.6.4-10.module+el8.2.0+6063+e761893a
  • podman-remote-debuginfo-0:1.6.4-10.module+el8.2.0+6063+e761893a
  • podman-tests-0:1.6.4-10.module+el8.2.0+6063+e761893a
  • python-podman-api-0:1.2.0-0.2.gitd0a45fe.module+el8.2.0+5201+6b31f0d9
  • python3-criu-0:3.12-9.module+el8.2.0+5029+3ac48e7d
  • runc-0:1.0.0-65.rc10.module+el8.2.0+5762+aaee29fb
  • runc-debuginfo-0:1.0.0-65.rc10.module+el8.2.0+5762+aaee29fb
  • runc-debugsource-0:1.0.0-65.rc10.module+el8.2.0+5762+aaee29fb
  • skopeo-1:0.1.40-10.module+el8.2.0+5955+6cd70ceb
  • skopeo-debuginfo-1:0.1.40-10.module+el8.2.0+5955+6cd70ceb
  • skopeo-debugsource-1:0.1.40-10.module+el8.2.0+5955+6cd70ceb
  • skopeo-tests-1:0.1.40-10.module+el8.2.0+5955+6cd70ceb
  • slirp4netns-0:0.4.2-3.git21fdece.module+el8.2.0+5658+9a15711d
  • slirp4netns-debuginfo-0:0.4.2-3.git21fdece.module+el8.2.0+5658+9a15711d
  • slirp4netns-debugsource-0:0.4.2-3.git21fdece.module+el8.2.0+5658+9a15711d
  • toolbox-0:0.0.7-1.module+el8.2.0+6096+9c3f08f3
  • udica-0:0.2.1-2.module+el8.2.0+4896+8f613c81

References