Vulnerabilities > CVE-2019-5736 - OS Command Injection vulnerability in multiple products
Summary
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Command Line Execution through SQL Injection An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.
- Command Delimiters An attack of this type exploits a programs' vulnerabilities that allows an attacker's commands to be concatenated onto a legitimate command with the intent of targeting other resources such as the file system or database. The system that uses a filter or a blacklist input validation, as opposed to whitelist validation is vulnerable to an attacker who predicts delimiters (or combinations of delimiters) not present in the filter or blacklist. As with other injection attacks, the attacker uses the command delimiter payload as an entry point to tunnel through the application and activate additional attacks through SQL queries, shell commands, network scanning, and so on.
- Exploiting Multiple Input Interpretation Layers An attacker supplies the target software with input data that contains sequences of special characters designed to bypass input validation logic. This exploit relies on the target making multiples passes over the input data and processing a "layer" of special characters with each pass. In this manner, the attacker can disguise input that would otherwise be rejected as invalid by concealing it with layers of special/escape characters that are stripped off by subsequent processing steps. The goal is to first discover cases where the input validation layer executes before one or more parsing layers. That is, user input may go through the following logic in an application: In such cases, the attacker will need to provide input that will pass through the input validator, but after passing through parser2, will be converted into something that the input validator was supposed to stop.
- Argument Injection An attacker changes the behavior or state of a targeted application through injecting data or command syntax through the targets use of non-validated and non-filtered arguments of exposed services or methods.
- OS Command Injection In this type of an attack, an adversary injects operating system commands into existing application functions. An application that uses untrusted input to build command strings is vulnerable. An adversary can leverage OS command injection in an application to elevate privileges, execute arbitrary commands and compromise the underlying operating system.
Exploit-Db
file exploits/linux/local/46369.md id EDB-ID:46369 last seen 2019-02-14 modified 2019-02-13 platform linux port published 2019-02-13 reporter Exploit-DB source https://www.exploit-db.com/download/46369 title runc < 1.0-rc6 (Docker < 18.09.2) - Container Breakout (2) type local file exploits/linux/local/46359.md id EDB-ID:46359 last seen 2019-02-12 modified 2019-02-12 platform linux port published 2019-02-12 reporter Exploit-DB source https://www.exploit-db.com/download/46359 title runc< 1.0-rc6 (Docker < 18.09.2) - Host Command Execution type local
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-295.NASL description This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues : Security issues fixed : - CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899). - CVE-2018-16874: Fixed a vulnerabity in go get command which could allow directory traversal in GOPATH mode (bsc#1118898). - CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897). - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967). Other changes and fixes : - Update shell completion to use Group: System/Shells. - Add daemon.json file with rotation logs configuration (bsc#1114832) - Update to Docker 18.09.1-ce (bsc#1124308) and to to runc 96ec2177ae84. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. - Update go requirements to >= go1.10 - Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429). - Remove the usage of last seen 2020-06-01 modified 2020-06-02 plugin id 122660 published 2019-03-07 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122660 title openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-295) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2019-295. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(122660); script_version("1.2"); script_cvs_date("Date: 2019/04/02 21:54:17"); script_cve_id("CVE-2018-16873", "CVE-2018-16874", "CVE-2018-16875", "CVE-2019-5736"); script_name(english:"openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-295)"); script_summary(english:"Check for the openSUSE-2019-295 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues : Security issues fixed : - CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899). - CVE-2018-16874: Fixed a vulnerabity in go get command which could allow directory traversal in GOPATH mode (bsc#1118898). - CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897). - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967). Other changes and fixes : - Update shell completion to use Group: System/Shells. - Add daemon.json file with rotation logs configuration (bsc#1114832) - Update to Docker 18.09.1-ce (bsc#1124308) and to to runc 96ec2177ae84. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. - Update go requirements to >= go1.10 - Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429). - Remove the usage of 'cp -r' to reduce noise in the build logs. This update was imported from the SUSE:SLE-15:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1048046" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1051429" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114832" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118897" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118898" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118899" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1121967" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1124308" ); script_set_attribute( attribute:"solution", value:"Update the affected containerd / docker / docker-runc / etc packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:containerd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:containerd-ctr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:containerd-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-bash-completion"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-libnetwork"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-libnetwork-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-test-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-zsh-completion"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:golang-github-docker-libnetwork"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:runc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:runc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:runc-test"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/14"); script_set_attribute(attribute:"patch_publication_date", value:"2019/03/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/07"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.0", reference:"containerd-1.2.2-lp150.4.10.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"containerd-ctr-1.2.2-lp150.4.10.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"containerd-test-1.2.2-lp150.4.10.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-18.09.1_ce-lp150.5.13.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-bash-completion-18.09.1_ce-lp150.5.13.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-debuginfo-18.09.1_ce-lp150.5.13.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-debugsource-18.09.1_ce-lp150.5.13.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-libnetwork-debuginfo-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-runc-debuginfo-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-test-18.09.1_ce-lp150.5.13.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-test-debuginfo-18.09.1_ce-lp150.5.13.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-zsh-completion-18.09.1_ce-lp150.5.13.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"runc-1.0.0~rc6-lp150.2.7.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"runc-debuginfo-1.0.0~rc6-lp150.2.7.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"runc-test-1.0.0~rc6-lp150.2.7.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "containerd / containerd-ctr / containerd-test / docker-runc / etc"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2019-6174B47003.NASL description This runc version should fix the keycreate issues on SELinux disabled machines. ---- Latest upstream Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124570 published 2019-05-03 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124570 title Fedora 29 : 2:runc (2019-6174b47003) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-6174b47003. # include("compat.inc"); if (description) { script_id(124570); script_version("1.3"); script_cvs_date("Date: 2019/09/23 11:21:10"); script_cve_id("CVE-2019-5736"); script_xref(name:"FEDORA", value:"2019-6174b47003"); script_name(english:"Fedora 29 : 2:runc (2019-6174b47003)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "This runc version should fix the keycreate issues on SELinux disabled machines. ---- Latest upstream Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-6174b47003" ); script_set_attribute( attribute:"solution", value:"Update the affected 2:runc package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:2:runc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/11"); script_set_attribute(attribute:"patch_publication_date", value:"2019/05/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC29", reference:"runc-1.0.0-92.dev.gitc1b8c57.fc29", epoch:"2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "2:runc"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2019-A5F616808E.NASL description Update to 1.0.7 Fixes related to CVE-2019-5736. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 122523 published 2019-03-01 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122523 title Fedora 28 : flatpak (2019-a5f616808e) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-a5f616808e. # include("compat.inc"); if (description) { script_id(122523); script_version("1.3"); script_cvs_date("Date: 2019/09/23 11:21:11"); script_cve_id("CVE-2019-5736", "CVE-2019-8308"); script_xref(name:"FEDORA", value:"2019-a5f616808e"); script_name(english:"Fedora 28 : flatpak (2019-a5f616808e)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Update to 1.0.7 Fixes related to CVE-2019-5736. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-a5f616808e" ); script_set_attribute( attribute:"solution", value:"Update the affected flatpak package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:flatpak"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/11"); script_set_attribute(attribute:"patch_publication_date", value:"2019/02/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC28", reference:"flatpak-1.0.7-1.fc28")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "flatpak"); }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4048-1.NASL description Aleksa Sarai discovered that Docker was vulnerable to a directory traversal attack. An attacker could use this vulnerability to read and write arbitrary files on the host filesystem as root. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 126564 published 2019-07-09 reporter Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126564 title Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : Docker vulnerabilities (USN-4048-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-4048-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(126564); script_version("1.3"); script_cvs_date("Date: 2019/09/18 12:31:49"); script_cve_id("CVE-2018-15664", "CVE-2019-5736"); script_xref(name:"USN", value:"4048-1"); script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : Docker vulnerabilities (USN-4048-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Aleksa Sarai discovered that Docker was vulnerable to a directory traversal attack. An attacker could use this vulnerability to read and write arbitrary files on the host filesystem as root. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/4048-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected docker.io package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:docker.io"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/11"); script_set_attribute(attribute:"patch_publication_date", value:"2019/07/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/09"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(16\.04|18\.04|18\.10|19\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 18.04 / 18.10 / 19.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"16.04", pkgname:"docker.io", pkgver:"18.09.7-0ubuntu1~16.04.4")) flag++; if (ubuntu_check(osver:"18.04", pkgname:"docker.io", pkgver:"18.09.7-0ubuntu1~18.04.3")) flag++; if (ubuntu_check(osver:"18.10", pkgname:"docker.io", pkgver:"18.09.7-0ubuntu1~18.10.3")) flag++; if (ubuntu_check(osver:"19.04", pkgname:"docker.io", pkgver:"18.09.7-0ubuntu1~19.04.4")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "docker.io"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2019-C1DAC1B3B8.NASL description Update LXC to version 3.0.4. The release announcement can be found [here](https://discuss.linuxcontainers.org/t/lxc-3-0-4-has-been-releas ed/5080). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 128579 published 2019-09-09 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128579 title Fedora 29 : lxc / lxcfs / python3-lxc (2019-c1dac1b3b8) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-c1dac1b3b8. # include("compat.inc"); if (description) { script_id(128579); script_version("1.3"); script_cvs_date("Date: 2019/09/24 11:01:32"); script_cve_id("CVE-2019-5736"); script_xref(name:"FEDORA", value:"2019-c1dac1b3b8"); script_name(english:"Fedora 29 : lxc / lxcfs / python3-lxc (2019-c1dac1b3b8)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Update LXC to version 3.0.4. The release announcement can be found [here](https://discuss.linuxcontainers.org/t/lxc-3-0-4-has-been-releas ed/5080). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-c1dac1b3b8" ); script_set_attribute( attribute:"see_also", value:"https://discuss.linuxcontainers.org/t/lxc-3-0-4-has-been-released/5080" ); script_set_attribute( attribute:"solution", value:"Update the affected lxc, lxcfs and / or python3-lxc packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:lxc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:lxcfs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:python3-lxc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/11"); script_set_attribute(attribute:"patch_publication_date", value:"2019/09/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/09"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC29", reference:"lxc-3.0.4-1.fc29")) flag++; if (rpm_check(release:"FC29", reference:"lxcfs-3.0.4-1.fc29")) flag++; if (rpm_check(release:"FC29", reference:"python3-lxc-3.0.4-1.fc29")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "lxc / lxcfs / python3-lxc"); }
NASL family CentOS Local Security Checks NASL id CENTOS_DOCKER_CVE-2019-5736.NASL description An update for runc is now available for CentOS 7 Extras. The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system. (CVE-2019-5736) last seen 2020-06-01 modified 2020-06-02 plugin id 130262 published 2019-10-25 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130262 title Centos 7 : runc code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(130262); script_version("1.1"); script_cvs_date("Date: 2019/10/25 11:11:33"); script_cve_id("CVE-2019-5736"); script_name(english:"Centos 7 : runc"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute(attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute(attribute:"description", value: "An update for runc is now available for CentOS 7 Extras. The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system. (CVE-2019-5736) "); script_set_attribute(attribute:"see_also", value:"https://cbs.centos.org/koji/buildinfo?buildID=25136"); script_set_attribute(attribute:"see_also", value:"https://cbs.centos.org/koji/buildinfo?buildID=25171"); # https://www.docker.com/blog/docker-security-update-cve-2018-5736-and-container-security-best-practices/ script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?122b4713"); script_set_attribute(attribute:"solution", value:"Update the affected runc, docker, and / or docker-ce packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-5736"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:runc"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/11"); script_set_attribute(attribute:"patch_publication_date", value:"2019/02/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"docker-ce-18.09.2-3.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"docker-1.13.1-92.gitb2f74b2.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"runc-1.0.0-60.dev.git2abd837.el7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "runc / docker-ce"); }
NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-252.NASL description This update for docker-runc fixes the following issues: 	 Security issue fixed : - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967) This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 122494 published 2019-02-28 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122494 title openSUSE Security Update : docker-runc (openSUSE-2019-252) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2019-252. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(122494); script_version("1.2"); script_cvs_date("Date: 2019/04/02 21:54:17"); script_cve_id("CVE-2019-5736"); script_name(english:"openSUSE Security Update : docker-runc (openSUSE-2019-252)"); script_summary(english:"Check for the openSUSE-2019-252 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for docker-runc fixes the following issues: 	 Security issue fixed : - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967) This update was imported from the SUSE:SLE-15:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1121967" ); script_set_attribute( attribute:"solution", value:"Update the affected docker-runc packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc-test"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/11"); script_set_attribute(attribute:"patch_publication_date", value:"2019/02/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/28"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.0", reference:"docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.7.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-runc-debuginfo-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.7.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.7.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "docker-runc / docker-runc-debuginfo / docker-runc-test"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2019-352D4B9CD8.NASL description CVE-2019-5736 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 122277 published 2019-02-19 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122277 title Fedora 29 : moby-engine (2019-352d4b9cd8) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-352d4b9cd8. # include("compat.inc"); if (description) { script_id(122277); script_version("1.4"); script_cvs_date("Date: 2019/09/23 11:21:10"); script_cve_id("CVE-2019-5736"); script_xref(name:"FEDORA", value:"2019-352d4b9cd8"); script_name(english:"Fedora 29 : moby-engine (2019-352d4b9cd8)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "CVE-2019-5736 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-352d4b9cd8" ); script_set_attribute( attribute:"solution", value:"Update the affected moby-engine package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:moby-engine"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/11"); script_set_attribute(attribute:"patch_publication_date", value:"2019/02/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/19"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC29", reference:"moby-engine-18.06.0-2.ce.git0ffa825.fc29")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "moby-engine"); }
NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1499.NASL description This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues : Security issues fixed : - CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967). - CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013). - CVE-2018-16873: go secuirty release, fixing cmd/go remote command execution (bsc#1118897). - CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898). - CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899). Other changes and bug fixes : - Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068). - docker-test: Improvements to test packaging (bsc#1128746). - Move daemon.json file to /etc/docker directory (bsc#1114832). - Revert golang(API) removal since it turns out this breaks >= requires in certain cases (bsc#1114209). - Fix go build failures (bsc#1121397). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 125697 published 2019-06-04 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125697 title openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-1499) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2019-1499. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(125697); script_version("1.2"); script_cvs_date("Date: 2019/06/07 9:45:02"); script_cve_id("CVE-2018-16873", "CVE-2018-16874", "CVE-2018-16875", "CVE-2019-5736", "CVE-2019-6486"); script_name(english:"openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-1499)"); script_summary(english:"Check for the openSUSE-2019-1499 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues : Security issues fixed : - CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967). - CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013). - CVE-2018-16873: go secuirty release, fixing cmd/go remote command execution (bsc#1118897). - CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898). - CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899). Other changes and bug fixes : - Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068). - docker-test: Improvements to test packaging (bsc#1128746). - Move daemon.json file to /etc/docker directory (bsc#1114832). - Revert golang(API) removal since it turns out this breaks >= requires in certain cases (bsc#1114209). - Fix go build failures (bsc#1121397). This update was imported from the SUSE:SLE-15:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114209" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114832" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118897" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118898" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118899" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1121397" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1121967" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1123013" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1128376" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1128746" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134068" ); script_set_attribute( attribute:"solution", value:"Update the affected containerd / docker / docker-runc / etc packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:containerd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:containerd-ctr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:containerd-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-bash-completion"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-libnetwork"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-libnetwork-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-test-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-zsh-completion"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:go"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:go-race"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:go1.11"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:go1.11-race"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:go1.12"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:go1.12-race"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:golang-github-docker-libnetwork"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/14"); script_set_attribute(attribute:"patch_publication_date", value:"2019/06/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/04"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.0", reference:"containerd-test-1.2.5-lp150.4.14.3") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-bash-completion-18.09.6_ce-lp150.5.17.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-zsh-completion-18.09.6_ce-lp150.5.17.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"go-1.12-lp150.2.11.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"containerd-1.2.5-lp150.4.14.3") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"containerd-ctr-1.2.5-lp150.4.14.3") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"docker-18.09.6_ce-lp150.5.17.2") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"docker-debuginfo-18.09.6_ce-lp150.5.17.2") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"docker-debugsource-18.09.6_ce-lp150.5.17.2") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"docker-libnetwork-debuginfo-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"docker-runc-debuginfo-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"docker-test-18.09.6_ce-lp150.5.17.2") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"docker-test-debuginfo-18.09.6_ce-lp150.5.17.2") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"go-race-1.12-lp150.2.11.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"go1.11-1.11.9-lp150.9.3") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"go1.11-race-1.11.9-lp150.9.3") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"go1.12-1.12.4-lp150.2.2") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"go1.12-race-1.12.4-lp150.2.2") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "containerd / containerd-ctr / containerd-test / docker-runc / etc"); }
NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0362-1.NASL description This update for docker-runc fixes the following issues : Security issue fixed : CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 122182 published 2019-02-14 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122182 title SUSE SLES15 Security Update : docker-runc (SUSE-SU-2019:0362-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-2245.NASL description This update for lxc fixes the following issues : Update to lxc 3.2.1. The changelog can be found at https://discuss.linuxcontainers.org/t/lxc-3-2-1-has-been-released/5322 + seccomp: support syscall forwarding to userspace + add lxc.seccomp.allow_nesting + pidfd: Add initial support for the new pidfd api - Many hardening improvements. - Use /sys/kernel/cgroup/delegate file for cgroup v2. - Fix CVE-2019-5736 equivalent bug. - fix apparmor dropin to be compatible with LXC 3.1.0 (boo#1131762) last seen 2020-06-01 modified 2020-06-02 plugin id 129580 published 2019-10-04 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129580 title openSUSE Security Update : lxc (openSUSE-2019-2245) NASL family Fedora Local Security Checks NASL id FEDORA_2019-2BAA1F7B19.NASL description Update LXC to version 3.0.4. The release announcement can be found [here](https://discuss.linuxcontainers.org/t/lxc-3-0-4-has-been-releas ed/5080). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 128564 published 2019-09-09 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128564 title Fedora 30 : lxc / lxcfs / python3-lxc (2019-2baa1f7b19) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-2117-1.NASL description This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues : Docker : CVE-2019-14271: Fixed a code injection if the nsswitch facility dynamically loaded a library inside a chroot (bsc#1143409). CVE-2019-13509: Fixed an information leak in the debug log (bsc#1142160). Update to version 19.03.1-ce, see changelog at /usr/share/doc/packages/docker/CHANGELOG.md (bsc#1142413, bsc#1139649). runc: Use %config(noreplace) for /etc/docker/daemon.json (bsc#1138920). Update to runc 425e105d5a03, which is required by Docker (bsc#1139649). containerd: CVE-2019-5736: Fixed a container breakout vulnerability (bsc#1121967). Update to containerd v1.2.6, which is required by docker (bsc#1139649). golang-github-docker-libnetwork: Update to version git.fc5a7d91d54cc98f64fc28f9e288b46a0bee756c, which is required by docker (bsc#1142413, bsc#1139649). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 127884 published 2019-08-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127884 title SUSE SLED15 / SLES15 Security Update : containerd, docker, docker-runc, golang-github-docker-libnetwork (SUSE-SU-2019:2117-1) NASL family Fedora Local Security Checks NASL id FEDORA_2019-963EA958F9.NASL description Security fix for CVE-2019-5736 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 122356 published 2019-02-21 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122356 title Fedora 28 : 2:runc (2019-963ea958f9) NASL family Fedora Local Security Checks NASL id FEDORA_2019-FD9345F44A.NASL description Update to 1.2.3 Fixes security vulnerability related to CVE-2019-5736. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 122139 published 2019-02-13 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122139 title Fedora 29 : flatpak (2019-fd9345f44a) NASL family Fedora Local Security Checks NASL id FEDORA_2019-DF2E68AA6B.NASL description Security fix for CVE-2019-5736 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 122199 published 2019-02-15 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122199 title Fedora 29 : 2:docker (2019-df2e68aa6b) NASL family Fedora Local Security Checks NASL id FEDORA_2019-3F19F13ECD.NASL description Security fix for CVE-2019-5736 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 122197 published 2019-02-15 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122197 title Fedora 29 : 2:runc (2019-3f19f13ecd) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1444.NASL description This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues : Security issues fixed : - CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967). - CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013). - CVE-2018-16873: go secuirty release, fixing cmd/go remote command execution (bsc#1118897). - CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898). - CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899). Other changes and bug fixes : - Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068). - docker-test: Improvements to test packaging (bsc#1128746). - Move daemon.json file to /etc/docker directory (bsc#1114832). - Revert golang(API) removal since it turns out this breaks >= requires in certain cases (bsc#1114209). - Fix go build failures (bsc#1121397). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 125452 published 2019-05-28 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125452 title openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-1444) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0495-1.NASL description This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues : Security issues fixed : CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899). CVE-2018-16874: Fixed a vulnerabity in go get command which could allow directory traversal in GOPATH mode (bsc#1118898). CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897). CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967). Other changes and fixes: Update shell completion to use Group: System/Shells. Add daemon.json file with rotation logs configuration (bsc#1114832) Update to Docker 18.09.1-ce (bsc#1124308) and to to runc 96ec2177ae84. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. Update go requirements to >= go1.10 Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429). Remove the usage of last seen 2020-06-01 modified 2020-06-02 plugin id 122472 published 2019-02-27 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122472 title SUSE SLED15 / SLES15 Security Update : containerd, docker, docker-runc, golang-github-docker-libnetwork, runc (SUSE-SU-2019:0495-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-201.NASL description This update for docker-runc fixes the following issues : Security issue fixed : - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967) This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 122301 published 2019-02-19 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122301 title openSUSE Security Update : docker-runc (openSUSE-2019-201) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1275.NASL description This update for lxc, lxcfs to version 3.1.0 fixes the following issues : Security issues fixed : - CVE-2019-5736: Fixed a container breakout vulnerability (boo#1122185). - CVE-2018-6556: Enable setuid bit on lxc-user-nic (boo#988348). Non-security issues fixed : - Update to LXC 3.1.0. The changelog is far too long to include here, please look at https://linuxcontainers.org/. (boo#1131762) last seen 2020-06-01 modified 2020-06-02 plugin id 124312 published 2019-04-26 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124312 title openSUSE Security Update : lxc / lxcfs (openSUSE-2019-1275) NASL family Fedora Local Security Checks NASL id FEDORA_2019-BC70B381AD.NASL description This runc version should fix the keycreate issues on SELinux disabled machines. ---- Latest upstream Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124575 published 2019-05-03 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124575 title Fedora 30 : 2:runc (2019-bc70b381ad) NASL family Fedora Local Security Checks NASL id FEDORA_2019-F455EF79B8.NASL description Security fix for CVE-2019-5736 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 122358 published 2019-02-21 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122358 title Fedora 28 : 2:docker (2019-f455ef79b8) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-0304.NASL description An update for docker is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Docker is an open source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that runs virtually anywhere. Security Fix(es) : * A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system. (CVE-2019-5736) Additional details about this flaw, including mitigation information, can be found in the vulnerability article linked from the Reference section. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 122111 published 2019-02-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122111 title RHEL 7 : docker (RHSA-2019:0304) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-0975.NASL description An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es) : * A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system. (CVE-2019-5736) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * [stream rhel8] rebase container-selinux to 2.94 (BZ#1693675) * [stream rhel8] unable to mount disk at `/var/lib/containers` via `systemd` unit when `container-selinux` policy installed (BZ#1695669) * [stream rhel8] don last seen 2020-05-23 modified 2019-05-07 plugin id 124666 published 2019-05-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124666 title RHEL 8 : container-tools:rhel8 (RHSA-2019:0975) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-208.NASL description This update for runc fixes the following issues : Security vulnerablities addressed : - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967) - CVE-2018-16873: Fix a remote command execution during last seen 2020-06-01 modified 2020-06-02 plugin id 122338 published 2019-02-20 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122338 title openSUSE Security Update : runc (openSUSE-2019-208) NASL family Misc. NASL id RANCHEROS_1_5_1.NASL description The remote host is running a version of RancherOS prior to v1.5.1, hences it is vulnerable to a Local Command Execution Vulnerability. Opencontainers runc is prone to a local command-execution vulnerability. A local attacker can exploit this issue to execute arbitrary commands with root privileges. runc through 1.0-rc6 are vulnerable. last seen 2020-06-01 modified 2020-06-02 plugin id 132255 published 2019-12-19 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132255 title Security Updates for RancherOS Local Command Execution Vulnerability NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-0303.NASL description An update for runc is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. Security Fix(es) : * A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system. (CVE-2019-5736) Additional details about this flaw, including mitigation information, can be found in the vulnerability article linked from the Reference section. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 122110 published 2019-02-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122110 title RHEL 7 : runc (RHSA-2019:0303) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2019-0975.NASL description From Red Hat Security Advisory 2019:0975 : An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es) : * A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system. (CVE-2019-5736) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * [stream rhel8] rebase container-selinux to 2.94 (BZ#1693675) * [stream rhel8] unable to mount disk at `/var/lib/containers` via `systemd` unit when `container-selinux` policy installed (BZ#1695669) * [stream rhel8] don last seen 2020-06-01 modified 2020-06-02 plugin id 127569 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127569 title Oracle Linux 8 : container-tools:rhel8 (ELSA-2019-0975) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-2021.NASL description This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues : Docker : - CVE-2019-14271: Fixed a code injection if the nsswitch facility dynamically loaded a library inside a chroot (bsc#1143409). - CVE-2019-13509: Fixed an information leak in the debug log (bsc#1142160). - Update to version 19.03.1-ce, see changelog at /usr/share/doc/packages/docker/CHANGELOG.md (bsc#1142413, bsc#1139649). runc : - Use %config(noreplace) for /etc/docker/daemon.json (bsc#1138920). - Update to runc 425e105d5a03, which is required by Docker (bsc#1139649). containerd : - CVE-2019-5736: Fixed a container breakout vulnerability (bsc#1121967). - Update to containerd v1.2.6, which is required by docker (bsc#1139649). golang-github-docker-libnetwork : - Update to version git.fc5a7d91d54cc98f64fc28f9e288b46a0bee756c, which is required by docker (bsc#1142413, bsc#1139649). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 128409 published 2019-08-30 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128409 title openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-2021) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2019-1156.NASL description A vulnerability was discovered in runc, which is used by Docker to run containers. runc did not prevent container processes from modifying the runc binary via /proc/self/exe. A malicious container could replace the runc binary, resulting in container escape and privilege escalation. This was fixed by creating a per-container copy of runc.(CVE-2019-5736) last seen 2020-06-01 modified 2020-06-02 plugin id 122096 published 2019-02-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122096 title Amazon Linux AMI : docker (ALAS-2019-1156) NASL family Virtuozzo Local Security Checks NASL id VIRTUOZZO_VZA-2019-008.NASL description According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerability : - It was discovered that a malicious user logged in to a Virtuozzo container could potentially overwrite the last seen 2020-06-01 modified 2020-06-02 plugin id 133452 published 2020-02-04 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133452 title Virtuozzo 7 : readykernel-patch (VZA-2019-008) NASL family Fedora Local Security Checks NASL id FEDORA_2019-829524F28F.NASL description CVE-2019-5736 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 122283 published 2019-02-19 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122283 title Fedora 28 : moby-engine (2019-829524f28f) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1234-2.NASL description This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues : Security issues fixed : CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967). CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013). CVE-2018-16873: go secuirty release, fixing cmd/go remote command execution (bsc#1118897). CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898). CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899). Other changes and bug fixes: Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068). Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068). Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068). docker-test: Improvements to test packaging (bsc#1128746). Move daemon.json file to /etc/docker directory (bsc#1114832). Revert golang(API) removal since it turns out this breaks >= requires in certain cases (bsc#1114209). Fix go build failures (bsc#1121397). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 125920 published 2019-06-14 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125920 title SUSE SLED15 / SLES15 Security Update : containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork (SUSE-SU-2019:1234-2) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-202003-21.NASL description The remote host is affected by the vulnerability described in GLSA-202003-21 (runC: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in runC. Please review the CVE identifiers referenced below for details. Impact : An attacker, by running a malicious Docker image, could escape the container, bypass security restrictions, escalate privileges or cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-03-19 modified 2020-03-16 plugin id 134598 published 2020-03-16 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134598 title GLSA-202003-21 : runC: Multiple vulnerabilities NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1074.NASL description According to the version of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system. (CVE-2019-5736) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2019-03-08 plugin id 122697 published 2019-03-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122697 title EulerOS 2.0 SP5 : docker-engine (EulerOS-SA-2019-1074) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1079.NASL description This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues : Security issues fixed : - CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899). - CVE-2018-16874: Fixed a vulnerabity in go get command which could allow directory traversal in GOPATH mode (bsc#1118898). - CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897). - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967). Other changes and bug fixes : - Update shell completion to use Group: System/Shells. - Add daemon.json file with rotation logs configuration (bsc#1114832) - Update to Docker 18.09.1-ce (bsc#1124308) and to to runc 96ec2177ae84. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. - Disable leap based builds for kubic flavor (bsc#1121412). - Allow users to explicitly specify the NIS domain name of a container (bsc#1001161). - Update docker.service to match upstream and avoid rlimit problems (bsc#1112980). - Update go requirements to >= go1.10 - Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429). - Remove the usage of last seen 2020-06-01 modified 2020-06-02 plugin id 123542 published 2019-04-01 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123542 title openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-1079) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-0408.NASL description An update is now available for Red Hat OpenShift Container Platform 3.4, 3.5, 3.6, and 3.7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat last seen 2020-06-01 modified 2020-06-02 plugin id 122442 published 2019-02-26 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122442 title RHEL 7 : OpenShift Container Platform 3.4, 3.5, 3.6, and 3.7 (RHSA-2019:0408) NASL family Fedora Local Security Checks NASL id FEDORA_2019-4DC1E39B34.NASL description Resolves: #1664908, #1676798 - Security fix for CVE-2019-5736 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 122408 published 2019-02-25 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122408 title Fedora 29 : 2:docker-latest (2019-4dc1e39b34) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1481.NASL description This update for lxc, lxcfs to version 3.1.0 fixes the following issues : Security issues fixed : - CVE-2019-5736: Fixed a container breakout vulnerability (boo#1122185). - CVE-2018-6556: Enable setuid bit on lxc-user-nic (boo#988348). Non-security issues fixed : - Update to LXC 3.1.0. The changelog is far too long to include here, please look at https://linuxcontainers.org/. (boo#1131762) last seen 2020-06-01 modified 2020-06-02 plugin id 125668 published 2019-06-03 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125668 title openSUSE Security Update : lxc / lxcfs (openSUSE-2019-1481) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1061.NASL description According to the version of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system. (CVE-2019-5736) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2019-02-22 plugin id 122388 published 2019-02-22 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122388 title EulerOS 2.0 SP2 : docker-engine (EulerOS-SA-2019-1061)
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
The Hacker News
id | THN:B0FC327500C590C565FC4F46D8DCDD34 |
last seen | 2019-02-12 |
modified | 2019-02-12 |
published | 2019-02-12 |
reporter | The Hacker News |
source | https://thehackernews.com/2019/02/linux-container-runc-docker.html |
title | RunC Flaw Lets Attackers Escape Linux Containers to Gain Root on Hosts |
Related news
References
- https://www.openwall.com/lists/oss-security/2019/02/11/2
- https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d
- https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b
- https://github.com/docker/docker-ce/releases/tag/v18.09.2
- https://access.redhat.com/security/vulnerabilities/runcescape
- https://access.redhat.com/security/cve/cve-2019-5736
- https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/
- https://github.com/rancher/runc-cve
- https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc
- https://brauner.github.io/2019/02/12/privileged-containers.html
- https://aws.amazon.com/security/security-bulletins/AWS-2019-002/
- https://access.redhat.com/errata/RHSA-2019:0304
- https://access.redhat.com/errata/RHSA-2019:0303
- https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/
- https://www.exploit-db.com/exploits/46359/
- http://www.securityfocus.com/bid/106976
- https://www.exploit-db.com/exploits/46369/
- https://github.com/q3k/cve-2019-5736-poc
- https://github.com/Frichetten/CVE-2019-5736-PoC
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc
- https://www.synology.com/security/advisory/Synology_SA_19_06
- https://access.redhat.com/errata/RHSA-2019:0401
- https://access.redhat.com/errata/RHSA-2019:0408
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us
- https://security.netapp.com/advisory/ntap-20190307-0008/
- http://www.openwall.com/lists/oss-security/2019/03/23/1
- https://bugzilla.suse.com/show_bug.cgi?id=1121967
- https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html
- https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003
- http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html
- https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944
- https://access.redhat.com/errata/RHSA-2019:0975
- https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/
- https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html
- http://www.openwall.com/lists/oss-security/2019/06/28/2
- http://www.openwall.com/lists/oss-security/2019/07/06/4
- http://www.openwall.com/lists/oss-security/2019/07/06/3
- https://usn.ubuntu.com/4048-1/
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html
- http://www.openwall.com/lists/oss-security/2019/10/24/1
- http://www.openwall.com/lists/oss-security/2019/10/29/3
- https://security.gentoo.org/glsa/202003-21
- http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html
- http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html
- https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E
- https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/
- https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E
- https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/
- https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E
- https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E
- https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
- http://www.openwall.com/lists/oss-security/2024/01/31/6
- http://www.openwall.com/lists/oss-security/2024/02/01/1
- http://www.openwall.com/lists/oss-security/2024/02/02/3