Vulnerabilities > CVE-2019-19921 - Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products
Attack vector
LOCAL Attack complexity
HIGH Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | Linuxfoundation
| 22 |
| Application | 2 | |
| OS | 2 | |
| OS | 1 | |
| OS | 2 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Leveraging/Manipulating Configuration File Search Paths This attack loads a malicious resource into a program's standard path used to bootstrap and/or provide contextual information for a program like a path variable or classpath. J2EE applications and other component based applications that are built from multiple binaries can have very long list of dependencies to execute. If one of these libraries and/or references is controllable by the attacker then application controls can be circumvented by the attacker. A standard UNIX path looks similar to this If the attacker modifies the path variable to point to a locale that includes malicious resources then the user unwittingly can execute commands on the attackers' behalf: This is a form of usurping control of the program and the attack can be done on the classpath, database resources, or any other resources built from compound parts. At runtime detection and blocking of this attack is nearly impossible, because the configuration allows execution.
- DLL Search Order Hijacking The attacker exploits the functionality of the Windows DLL loader where the process loading the DLL searches for the DLL to be loaded first in the same directory in which the process binary resides and then in other directories (e.g., System32). Exploitation of this preferential search order can allow an attacker to make the loading process load the attackers' rogue DLL rather than the legitimate DLL. For instance, an attacker with access to the file system may place a malicious ntshrui.dll in the C:\Windows directory. This DLL normally resides in the System32 folder. Process explorer.exe which also resides in C:\Windows, upon trying to load the ntshrui.dll from the System32 folder will actually load the DLL supplied by the attacker simply because of the preferential search order. Since the attacker has placed its malicious ntshrui.dll in the same directory as the loading explorer.exe process, the DLL supplied by the attacker will be found first and thus loaded in lieu of the legitimate DLL. Since explorer.exe is loaded during the boot cycle, the attackers' malware is guaranteed to execute. This attack can be leveraged with many different DLLs and with many different loading processes. No forensic trails are left in the system's registry or file system that an incorrect DLL had been loaded.
- Passing Local Filenames to Functions That Expect a URL This attack relies on client side code to access local files and resources instead of URLs. When the client browser is expecting a URL string, but instead receives a request for a local file, that execution is likely to occur in the browser process space with the browser's authority to local files. The attacker can send the results of this request to the local files out to a site that they control. This attack may be used to steal sensitive authentication data (either local or remote), or to gain system profile information to launch further attacks.
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2020-B2C1F6CC75.NASL description Resolves: #1796107, #1796109 - Security fix for CVE-2019-19921 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2020-02-10 plugin id 133581 published 2020-02-10 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133581 title Fedora 30 : 2:runc (2020-b2c1f6cc75) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2020-b2c1f6cc75. # include("compat.inc"); if (description) { script_id(133581); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/27"); script_cve_id("CVE-2019-19921"); script_xref(name:"FEDORA", value:"2020-b2c1f6cc75"); script_name(english:"Fedora 30 : 2:runc (2020-b2c1f6cc75)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Resolves: #1796107, #1796109 - Security fix for CVE-2019-19921 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2020-b2c1f6cc75" ); script_set_attribute( attribute:"solution", value:"Update the affected 2:runc package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19921"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:2:runc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/12"); script_set_attribute(attribute:"patch_publication_date", value:"2020/02/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/10"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC30", reference:"runc-1.0.0-102.dev.gitdc9208a.fc30", epoch:"2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "2:runc"); }NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2020-1358.NASL description runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.) (CVE-2019-19921) last seen 2020-04-30 modified 2020-04-24 plugin id 135934 published 2020-04-24 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135934 title Amazon Linux AMI : runc (ALAS-2020-1358) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2020-1358. # include("compat.inc"); if (description) { script_id(135934); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/28"); script_cve_id("CVE-2019-19921"); script_xref(name:"ALAS", value:"2020-1358"); script_name(english:"Amazon Linux AMI : runc (ALAS-2020-1358)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.) (CVE-2019-19921)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2020-1358.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update runc' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:runc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:runc-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/12"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/24"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", cpu:"x86_64", reference:"runc-1.0.0-0.1.20200204.gitdc9208a.1.amzn1")) flag++; if (rpm_check(release:"ALA", cpu:"x86_64", reference:"runc-debuginfo-1.0.0-0.1.20200204.gitdc9208a.1.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "runc / runc-debuginfo"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-0688.NASL description Red Hat OpenShift Container Platform release 4.2.22 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat last seen 2020-03-18 modified 2020-03-11 plugin id 134391 published 2020-03-11 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134391 title RHEL 8 : OpenShift Container Platform 4.2.22 runc (RHSA-2020:0688) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:0688. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(134391); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/13"); script_cve_id("CVE-2019-19921"); script_xref(name:"RHSA", value:"2020:0688"); script_name(english:"RHEL 8 : OpenShift Container Platform 4.2.22 runc (RHSA-2020:0688)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Red Hat OpenShift Container Platform release 4.2.22 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es) : * runc: volume mount race condition with shared mounts led to information leak/integrity manipulation (CVE-2019-19921) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:0688" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-19921" ); script_set_attribute( attribute:"solution", value: "Update the affected runc, runc-debuginfo and / or runc-debugsource packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:runc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:runc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:runc-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/12"); script_set_attribute(attribute:"patch_publication_date", value:"2020/03/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/11"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 8.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2020:0688"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"runc-1.0.0-63.rc10.rhaos4.2.gitdc9208a.el8")) flag++; if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"runc-1.0.0-63.rc10.rhaos4.2.gitdc9208a.el8")) flag++; if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"runc-debuginfo-1.0.0-63.rc10.rhaos4.2.gitdc9208a.el8")) flag++; if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"runc-debuginfo-1.0.0-63.rc10.rhaos4.2.gitdc9208a.el8")) flag++; if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"runc-debugsource-1.0.0-63.rc10.rhaos4.2.gitdc9208a.el8")) flag++; if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"runc-debugsource-1.0.0-63.rc10.rhaos4.2.gitdc9208a.el8")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "runc / runc-debuginfo / runc-debugsource"); } }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-0942.NASL description The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:0942 advisory. - runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation (CVE-2019-19921) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-04-23 modified 2020-03-24 plugin id 134836 published 2020-03-24 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134836 title RHEL 7 : runc (RHSA-2020:0942) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-1650.NASL description The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1650 advisory. - runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation (CVE-2019-19921) - containers/image: Container images read entire image manifest into memory (CVE-2020-1702) - podman: incorrectly allows existing files in volumes to be overwritten by a container when it is created (CVE-2020-1726) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-05-21 modified 2020-04-28 plugin id 136053 published 2020-04-28 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136053 title RHEL 8 : container-tools:rhel8 (RHSA-2020:1650) NASL family SuSE Local Security Checks NASL id SUSE_SU-2020-0375-1.NASL description This update for docker-runc fixes the following issues : CVE-2019-19921: Fixed a volume mount race condition with shared mounts (bsc#1160452). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2020-02-10 plugin id 133602 published 2020-02-10 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133602 title SUSE SLED15 / SLES15 Security Update : docker-runc (SUSE-SU-2020:0375-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4297-1.NASL description It was discovered that runC incorrectly checked mount targets. An attacker with a malicious container image could possibly mount over the /proc directory and escalate privileges. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-16884) It was discovered that runC incorrectly performed access control. An attacker could possibly use this issue to escalate privileges. (CVE-2019-19921). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2020-03-10 plugin id 134367 published 2020-03-10 reporter Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134367 title Ubuntu 18.04 LTS / 19.10 : runc vulnerabilities (USN-4297-1) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2020-3_0-0102_RUNC.NASL description An update of the runc package has been released. last seen 2020-06-10 modified 2020-06-07 plugin id 137201 published 2020-06-07 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137201 title Photon OS 3.0: Runc PHSA-2020-3.0-0102 NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-202003-21.NASL description The remote host is affected by the vulnerability described in GLSA-202003-21 (runC: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in runC. Please review the CVE identifiers referenced below for details. Impact : An attacker, by running a malicious Docker image, could escape the container, bypass security restrictions, escalate privileges or cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-03-19 modified 2020-03-16 plugin id 134598 published 2020-03-16 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134598 title GLSA-202003-21 : runC: Multiple vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2020-46ECC60897.NASL description Resolves: #1796107, #1796109 - Security fix for CVE-2019-19921 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2020-02-10 plugin id 133569 published 2020-02-10 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133569 title Fedora 31 : 2:runc (2020-46ecc60897) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-0695.NASL description Red Hat OpenShift Container Platform release 4.1.38 is now available with updates to packages and images that fix several bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat last seen 2020-06-01 modified 2020-06-02 plugin id 134557 published 2020-03-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134557 title RHEL 8 : OpenShift Container Platform 4.1.38 (RHSA-2020:0695) NASL family SuSE Local Security Checks NASL id SUSE_SU-2020-0944-1.NASL description This update for runc fixes the following issues : runc was updated to v1.0.0~rc10 CVE-2019-19921: Fixed a mount race condition with shared mounts (bsc#1160452). Fixed an issue where podman run hangs when spawned by salt-minion process (bsc#1149954). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-04-16 modified 2020-04-08 plugin id 135281 published 2020-04-08 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135281 title SUSE SLES15 Security Update : runc (SUSE-SU-2020:0944-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2020-219.NASL description This update for docker-runc fixes the following issues : - CVE-2019-19921: Fixed a volume mount race condition with shared mounts (bsc#1160452). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-03-18 modified 2020-02-14 plugin id 133714 published 2020-02-14 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133714 title openSUSE Security Update : docker-runc (openSUSE-2020-219) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-1485.NASL description The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1485 advisory. - runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation (CVE-2019-19921) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-04-30 modified 2020-04-21 plugin id 135769 published 2020-04-21 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135769 title RHEL 7 : OpenShift Container Platform 4.3.13 runc (RHSA-2020:1485)
Redhat
| advisories |
| ||||||||
| rpms |
|
References
- https://github.com/opencontainers/runc/issues/2197
- https://github.com/opencontainers/runc/pull/2190
- https://security-tracker.debian.org/tracker/CVE-2019-19921
- https://github.com/opencontainers/runc/releases
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00018.html
- https://access.redhat.com/errata/RHSA-2020:0688
- https://access.redhat.com/errata/RHSA-2020:0695
- https://security.gentoo.org/glsa/202003-21
- https://usn.ubuntu.com/4297-1/
- https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/