CVE-2019-5736 - OS Command Injection vulnerability in multiple products

CVSS 8.6 - HIGH

Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

Summary

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.

Vulnerable Configurations

Part         Description      Count
Application  Docker           290
Application  Linuxfoundation  19
Application  Redhat           5
Application  Google           1
Application  Linuxcontainers  81
Application  Hp               1
Application  Netapp           2
Application  Apache           39
Application  Opensuse         2
Application  D2Iq             4
Application  Microfocus       4
OS           Redhat           2
OS           Opensuse         3
OS           D2Iq             41
OS           Fedoraproject    2
OS           Canonical        4

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Command Line Execution through SQL Injection
    An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.
  • Command Delimiters
    An attack of this type exploits a program's vulnerabilities that allow an attacker's commands to be concatenated onto a legitimate command with the intent of targeting other resources such as the file system or database. A system that uses a filter or blacklist input validation, as opposed to whitelist validation, is vulnerable to an attacker who predicts delimiters (or combinations of delimiters) not present in the filter or blacklist. As with other injection attacks, the attacker uses the command delimiter payload as an entry point to tunnel through the application and activate additional attacks through SQL queries, shell commands, network scanning, and so on.
  • Exploiting Multiple Input Interpretation Layers
    An attacker supplies the target software with input data that contains sequences of special characters designed to bypass input validation logic. This exploit relies on the target making multiple passes over the input data and processing a "layer" of special characters with each pass. In this manner, the attacker can disguise input that would otherwise be rejected as invalid by concealing it with layers of special/escape characters that are stripped off by subsequent processing steps. The goal is to first discover cases where the input validation layer executes before one or more parsing layers. That is, user input may go through the following logic in an application: In such cases, the attacker will need to provide input that will pass through the input validator, but after passing through parser2, will be converted into something that the input validator was supposed to stop.
  • Argument Injection
    An attacker changes the behavior or state of a targeted application by injecting data or command syntax through the target's use of non-validated and non-filtered arguments of exposed services or methods.
  • OS Command Injection
    In this type of an attack, an adversary injects operating system commands into existing application functions. An application that uses untrusted input to build command strings is vulnerable. An adversary can leverage OS command injection in an application to elevate privileges, execute arbitrary commands and compromise the underlying operating system.

Exploit-Db

  • file: exploits/linux/local/46369.md
    id: EDB-ID:46369
    last seen: 2019-02-14
    modified: 2019-02-13
    platform: linux
    port:
    published: 2019-02-13
    reporter: Exploit-DB
    source: https://www.exploit-db.com/download/46369
    title: runc < 1.0-rc6 (Docker < 18.09.2) - Container Breakout (2)
    type: local
  • file: exploits/linux/local/46359.md
    id: EDB-ID:46359
    last seen: 2019-02-12
    modified: 2019-02-12
    platform: linux
    port:
    published: 2019-02-12
    reporter: Exploit-DB
    source: https://www.exploit-db.com/download/46359
    title: runc< 1.0-rc6 (Docker < 18.09.2) - Host Command Execution
    type: local

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-295.NASL
    description: This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues : Security issues fixed : - CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899). - CVE-2018-16874: Fixed a vulnerability in go get command which could allow directory traversal in GOPATH mode (bsc#1118898). - CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897). - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967). Other changes and fixes : - Update shell completion to use Group: System/Shells. - Add daemon.json file with rotation logs configuration (bsc#1114832) - Update to Docker 18.09.1-ce (bsc#1124308) and to runc 96ec2177ae84. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. - Update go requirements to >= go1.10 - Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429). - Remove the usage of
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 122660
    published: 2019-03-07
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122660
    title: openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-295)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-295.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(122660);
      script_version("1.2");
      script_cvs_date("Date: 2019/04/02 21:54:17");
    
      script_cve_id("CVE-2018-16873", "CVE-2018-16874", "CVE-2018-16875", "CVE-2019-5736");
    
      script_name(english:"openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-295)");
      script_summary(english:"Check for the openSUSE-2019-295 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for containerd, docker, docker-runc,
    golang-github-docker-libnetwork, runc fixes the following issues :
    
    Security issues fixed :
    
      - CVE-2018-16875: Fixed a CPU Denial of Service
        (bsc#1118899).
    
      - CVE-2018-16874: Fixed a vulnerabity in go get command
        which could allow directory traversal in GOPATH mode
        (bsc#1118898).
    
      - CVE-2018-16873: Fixed a vulnerability in go get command
        which could allow remote code execution when executed
        with -u in GOPATH mode (bsc#1118897).
    
      - CVE-2019-5736: Effectively copying /proc/self/exe during
        re-exec to avoid write attacks to the host runc binary,
        which could lead to a container breakout (bsc#1121967).
    
    Other changes and fixes :
    
      - Update shell completion to use Group: System/Shells.
    
      - Add daemon.json file with rotation logs configuration
        (bsc#1114832)
    
      - Update to Docker 18.09.1-ce (bsc#1124308) and to to runc
        96ec2177ae84. See upstream changelog in the packaged
        /usr/share/doc/packages/docker/CHANGELOG.md.
    
      - Update go requirements to >= go1.10 
    
      - Use -buildmode=pie for tests and binary build
        (bsc#1048046 and bsc#1051429).
    
      - Remove the usage of 'cp -r' to reduce noise in the build
        logs.
    
    This update was imported from the SUSE:SLE-15:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1048046"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1051429"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114832"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118897"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118898"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118899"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1121967"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1124308"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected containerd / docker / docker-runc / etc packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:containerd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:containerd-ctr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:containerd-test");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-bash-completion");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-libnetwork");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-libnetwork-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc-test");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-test");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-test-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-zsh-completion");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:golang-github-docker-libnetwork");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:runc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:runc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:runc-test");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/03/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"containerd-1.2.2-lp150.4.10.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"containerd-ctr-1.2.2-lp150.4.10.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"containerd-test-1.2.2-lp150.4.10.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"docker-18.09.1_ce-lp150.5.13.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"docker-bash-completion-18.09.1_ce-lp150.5.13.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"docker-debuginfo-18.09.1_ce-lp150.5.13.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"docker-debugsource-18.09.1_ce-lp150.5.13.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"docker-libnetwork-debuginfo-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"docker-runc-debuginfo-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"docker-test-18.09.1_ce-lp150.5.13.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"docker-test-debuginfo-18.09.1_ce-lp150.5.13.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"docker-zsh-completion-18.09.1_ce-lp150.5.13.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"runc-1.0.0~rc6-lp150.2.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"runc-debuginfo-1.0.0~rc6-lp150.2.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"runc-test-1.0.0~rc6-lp150.2.7.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "containerd / containerd-ctr / containerd-test / docker-runc / etc");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-6174B47003.NASL
    description: This runc version should fix the keycreate issues on SELinux disabled machines. ---- Latest upstream Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124570
    published: 2019-05-03
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124570
    title: Fedora 29 : 2:runc (2019-6174b47003)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2019-6174b47003.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124570);
      script_version("1.3");
      script_cvs_date("Date: 2019/09/23 11:21:10");
    
      script_cve_id("CVE-2019-5736");
      script_xref(name:"FEDORA", value:"2019-6174b47003");
    
      script_name(english:"Fedora 29 : 2:runc (2019-6174b47003)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This runc version should fix the keycreate issues on SELinux disabled
    machines.
    
    ----
    
    Latest upstream
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-6174b47003"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected 2:runc package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:2:runc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC29", reference:"runc-1.0.0-92.dev.gitc1b8c57.fc29", epoch:"2")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "2:runc");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-A5F616808E.NASL
    description: Update to 1.0.7 Fixes related to CVE-2019-5736. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 122523
    published: 2019-03-01
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122523
    title: Fedora 28 : flatpak (2019-a5f616808e)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2019-a5f616808e.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(122523);
      script_version("1.3");
      script_cvs_date("Date: 2019/09/23 11:21:11");
    
      script_cve_id("CVE-2019-5736", "CVE-2019-8308");
      script_xref(name:"FEDORA", value:"2019-a5f616808e");
    
      script_name(english:"Fedora 28 : flatpak (2019-a5f616808e)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to 1.0.7
    
    Fixes related to CVE-2019-5736.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-a5f616808e"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected flatpak package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:flatpak");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/02/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC28", reference:"flatpak-1.0.7-1.fc28")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "flatpak");
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-4048-1.NASL
    description: Aleksa Sarai discovered that Docker was vulnerable to a directory traversal attack. An attacker could use this vulnerability to read and write arbitrary files on the host filesystem as root. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 126564
    published: 2019-07-09
    reporter: Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/126564
    title: Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : Docker vulnerabilities (USN-4048-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-4048-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(126564);
      script_version("1.3");
      script_cvs_date("Date: 2019/09/18 12:31:49");
    
      script_cve_id("CVE-2018-15664", "CVE-2019-5736");
      script_xref(name:"USN", value:"4048-1");
    
      script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : Docker vulnerabilities (USN-4048-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Aleksa Sarai discovered that Docker was vulnerable to a directory
    traversal attack. An attacker could use this vulnerability to read and
    write arbitrary files on the host filesystem as root.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/4048-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected docker.io package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:docker.io");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/09");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(16\.04|18\.04|18\.10|19\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 18.04 / 18.10 / 19.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"16.04", pkgname:"docker.io", pkgver:"18.09.7-0ubuntu1~16.04.4")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"docker.io", pkgver:"18.09.7-0ubuntu1~18.04.3")) flag++;
    if (ubuntu_check(osver:"18.10", pkgname:"docker.io", pkgver:"18.09.7-0ubuntu1~18.10.3")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"docker.io", pkgver:"18.09.7-0ubuntu1~19.04.4")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "docker.io");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-C1DAC1B3B8.NASL
    description: Update LXC to version 3.0.4. The release announcement can be found [here](https://discuss.linuxcontainers.org/t/lxc-3-0-4-has-been-released/5080). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 128579
    published: 2019-09-09
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128579
    title: Fedora 29 : lxc / lxcfs / python3-lxc (2019-c1dac1b3b8)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2019-c1dac1b3b8.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(128579);
      script_version("1.3");
      script_cvs_date("Date: 2019/09/24 11:01:32");
    
      script_cve_id("CVE-2019-5736");
      script_xref(name:"FEDORA", value:"2019-c1dac1b3b8");
    
      script_name(english:"Fedora 29 : lxc / lxcfs / python3-lxc (2019-c1dac1b3b8)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update LXC to version 3.0.4.
    
    The release announcement can be found
    [here](https://discuss.linuxcontainers.org/t/lxc-3-0-4-has-been-releas
    ed/5080).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-c1dac1b3b8"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://discuss.linuxcontainers.org/t/lxc-3-0-4-has-been-released/5080"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected lxc, lxcfs and / or python3-lxc packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:lxc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:lxcfs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:python3-lxc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/09/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/09");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC29", reference:"lxc-3.0.4-1.fc29")) flag++;
    if (rpm_check(release:"FC29", reference:"lxcfs-3.0.4-1.fc29")) flag++;
    if (rpm_check(release:"FC29", reference:"python3-lxc-3.0.4-1.fc29")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "lxc / lxcfs / python3-lxc");
    }
    
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_DOCKER_CVE-2019-5736.NASL
    description: An update for runc is now available for CentOS 7 Extras. The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system. (CVE-2019-5736)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 130262
    published: 2019-10-25
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/130262
    title: Centos 7 : runc
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(130262);
      script_version("1.1");
      script_cvs_date("Date: 2019/10/25 11:11:33");
    
      script_cve_id("CVE-2019-5736");
    
      script_name(english:"Centos 7 : runc");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." );
      script_set_attribute(attribute:"description", value:
    "An update for runc is now available for CentOS 7 Extras.
    
    The runC tool is a lightweight, portable implementation of the Open
    Container Format (OCF) that provides container runtime.
    
    A flaw was found in the way runc handled system file descriptors
    when running containers. A malicious container could use this flaw to
    overwrite contents of the runc binary and consequently run arbitrary
    commands on the container host system. (CVE-2019-5736)
    ");
      script_set_attribute(attribute:"see_also", value:"https://cbs.centos.org/koji/buildinfo?buildID=25136");
      script_set_attribute(attribute:"see_also", value:"https://cbs.centos.org/koji/buildinfo?buildID=25171");
      # https://www.docker.com/blog/docker-security-update-cve-2018-5736-and-container-security-best-practices/
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?122b4713");
      script_set_attribute(attribute:"solution", value:"Update the affected runc, docker, and / or docker-ce packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-5736");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:runc");
      
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/02/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/25");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    flag = 0;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"docker-ce-18.09.2-3.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"docker-1.13.1-92.gitb2f74b2.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"runc-1.0.0-60.dev.git2abd837.el7")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "runc / docker-ce");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-252.NASL
    description: This update for docker-runc fixes the following issues: Security issue fixed : - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967) This update was imported from the SUSE:SLE-15:Update update project.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 122494
    published: 2019-02-28
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122494
    title: openSUSE Security Update : docker-runc (openSUSE-2019-252)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-252.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(122494);
      script_version("1.2");
      script_cvs_date("Date: 2019/04/02 21:54:17");
    
      script_cve_id("CVE-2019-5736");
    
      script_name(english:"openSUSE Security Update : docker-runc (openSUSE-2019-252)");
      script_summary(english:"Check for the openSUSE-2019-252 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for docker-runc fixes the following issues: &#9; Security
    issue fixed :
    
      - CVE-2019-5736: Effectively copying /proc/self/exe during
        re-exec to avoid write attacks to the host runc binary,
        which could lead to a container breakout (bsc#1121967)
    
    This update was imported from the SUSE:SLE-15:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1121967"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected docker-runc packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc-test");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/02/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"docker-runc-debuginfo-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.7.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "docker-runc / docker-runc-debuginfo / docker-runc-test");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-352D4B9CD8.NASL
    description: CVE-2019-5736 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 122277
    published: 2019-02-19
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122277
    title: Fedora 29 : moby-engine (2019-352d4b9cd8)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2019-352d4b9cd8.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(122277);
      script_version("1.4");
      script_cvs_date("Date: 2019/09/23 11:21:10");
    
      script_cve_id("CVE-2019-5736");
      script_xref(name:"FEDORA", value:"2019-352d4b9cd8");
    
      script_name(english:"Fedora 29 : moby-engine (2019-352d4b9cd8)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "CVE-2019-5736
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-352d4b9cd8"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected moby-engine package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:moby-engine");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/02/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/19");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC29", reference:"moby-engine-18.06.0-2.ce.git0ffa825.fc29")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "moby-engine");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-1499.NASL
    description: This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues : Security issues fixed : - CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967). - CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013). - CVE-2018-16873: go security release, fixing cmd/go remote command execution (bsc#1118897). - CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898). - CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899). Other changes and bug fixes : - Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068). - docker-test: Improvements to test packaging (bsc#1128746). - Move daemon.json file to /etc/docker directory (bsc#1114832). - Revert golang(API) removal since it turns out this breaks >= requires in certain cases (bsc#1114209). - Fix go build failures (bsc#1121397). This update was imported from the SUSE:SLE-15:Update update project.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 125697
    published: 2019-06-04
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/125697
    title: openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-1499)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-1499.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125697);
      script_version("1.2");
      script_cvs_date("Date: 2019/06/07  9:45:02");
    
      script_cve_id("CVE-2018-16873", "CVE-2018-16874", "CVE-2018-16875", "CVE-2019-5736", "CVE-2019-6486");
    
      script_name(english:"openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-1499)");
      script_summary(english:"Check for the openSUSE-2019-1499 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for containerd, docker, docker-runc, go, go1.11, go1.12,
    golang-github-docker-libnetwork fixes the following issues :
    
    Security issues fixed :
    
      - CVE-2019-5736: containerd: Fixing container breakout
        vulnerability (bsc#1121967).
    
      - CVE-2019-6486: go security release, fixing
        crypto/elliptic CPU DoS vulnerability affecting P-521
        and P-384 (bsc#1123013).
    
      - CVE-2018-16873: go secuirty release, fixing cmd/go
        remote command execution (bsc#1118897).
    
      - CVE-2018-16874: go security release, fixing cmd/go
        directory traversal (bsc#1118898).
    
      - CVE-2018-16875: go security release, fixing crypto/x509
        CPU denial of service (bsc#1118899).
    
    Other changes and bug fixes :
    
      - Update to containerd v1.2.5, which is required for
        v18.09.5-ce (bsc#1128376, bsc#1134068).
    
      - Update to runc 2b18fe1d885e, which is required for
        Docker v18.09.5-ce (bsc#1128376, bsc#1134068).
    
      - Update to Docker 18.09.5-ce see upstream changelog in
        the packaged (bsc#1128376, bsc#1134068).
    
      - docker-test: Improvements to test packaging
        (bsc#1128746).
    
      - Move daemon.json file to /etc/docker directory
        (bsc#1114832).
    
      - Revert golang(API) removal since it turns out this
        breaks >= requires in certain cases (bsc#1114209).
    
      - Fix go build failures (bsc#1121397).
    
    This update was imported from the SUSE:SLE-15:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114209"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114832"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118897"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118898"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118899"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1121397"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1121967"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1123013"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1128376"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1128746"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134068"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected containerd / docker / docker-runc / etc packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:containerd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:containerd-ctr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:containerd-test");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-bash-completion");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-libnetwork");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-libnetwork-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc-test");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-test");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-test-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-zsh-completion");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:go");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:go-race");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:go1.11");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:go1.11-race");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:go1.12");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:go1.12-race");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:golang-github-docker-libnetwork");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/06/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"containerd-test-1.2.5-lp150.4.14.3") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"docker-bash-completion-18.09.6_ce-lp150.5.17.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"docker-zsh-completion-18.09.6_ce-lp150.5.17.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"go-1.12-lp150.2.11.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"containerd-1.2.5-lp150.4.14.3") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"containerd-ctr-1.2.5-lp150.4.14.3") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"docker-18.09.6_ce-lp150.5.17.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"docker-debuginfo-18.09.6_ce-lp150.5.17.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"docker-debugsource-18.09.6_ce-lp150.5.17.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"docker-libnetwork-debuginfo-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"docker-runc-debuginfo-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"docker-test-18.09.6_ce-lp150.5.17.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"docker-test-debuginfo-18.09.6_ce-lp150.5.17.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"go-race-1.12-lp150.2.11.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"go1.11-1.11.9-lp150.9.3") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"go1.11-race-1.11.9-lp150.9.3") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"go1.12-1.12.4-lp150.2.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"go1.12-race-1.12.4-lp150.2.2") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "containerd / containerd-ctr / containerd-test / docker-runc / etc");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-0362-1.NASL
    description: This update for docker-runc fixes the following issues : Security issue fixed : CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 122182
    published: 2019-02-14
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122182
    title: SUSE SLES15 Security Update : docker-runc (SUSE-SU-2019:0362-1)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-2245.NASL
    description: This update for lxc fixes the following issues : Update to lxc 3.2.1. The changelog can be found at https://discuss.linuxcontainers.org/t/lxc-3-2-1-has-been-released/5322 + seccomp: support syscall forwarding to userspace + add lxc.seccomp.allow_nesting + pidfd: Add initial support for the new pidfd api - Many hardening improvements. - Use /sys/kernel/cgroup/delegate file for cgroup v2. - Fix CVE-2019-5736 equivalent bug. - fix apparmor dropin to be compatible with LXC 3.1.0 (boo#1131762)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 129580
    published: 2019-10-04
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129580
    title: openSUSE Security Update : lxc (openSUSE-2019-2245)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-2BAA1F7B19.NASL
    description: Update LXC to version 3.0.4. The release announcement can be found [here](https://discuss.linuxcontainers.org/t/lxc-3-0-4-has-been-released/5080). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 128564
    published: 2019-09-09
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128564
    title: Fedora 30 : lxc / lxcfs / python3-lxc (2019-2baa1f7b19)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-2117-1.NASL
    description: This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues : Docker : CVE-2019-14271: Fixed a code injection if the nsswitch facility dynamically loaded a library inside a chroot (bsc#1143409). CVE-2019-13509: Fixed an information leak in the debug log (bsc#1142160). Update to version 19.03.1-ce, see changelog at /usr/share/doc/packages/docker/CHANGELOG.md (bsc#1142413, bsc#1139649). runc: Use %config(noreplace) for /etc/docker/daemon.json (bsc#1138920). Update to runc 425e105d5a03, which is required by Docker (bsc#1139649). containerd: CVE-2019-5736: Fixed a container breakout vulnerability (bsc#1121967). Update to containerd v1.2.6, which is required by docker (bsc#1139649). golang-github-docker-libnetwork: Update to version git.fc5a7d91d54cc98f64fc28f9e288b46a0bee756c, which is required by docker (bsc#1142413, bsc#1139649). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127884
    published: 2019-08-14
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127884
    title: SUSE SLED15 / SLES15 Security Update : containerd, docker, docker-runc, golang-github-docker-libnetwork (SUSE-SU-2019:2117-1)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-963EA958F9.NASL
    description: Security fix for CVE-2019-5736 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 122356
    published: 2019-02-21
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122356
    title: Fedora 28 : 2:runc (2019-963ea958f9)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-FD9345F44A.NASL
    description: Update to 1.2.3 Fixes security vulnerability related to CVE-2019-5736. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 122139
    published: 2019-02-13
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122139
    title: Fedora 29 : flatpak (2019-fd9345f44a)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-DF2E68AA6B.NASL
    description: Security fix for CVE-2019-5736 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 122199
    published: 2019-02-15
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122199
    title: Fedora 29 : 2:docker (2019-df2e68aa6b)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-3F19F13ECD.NASL
    description: Security fix for CVE-2019-5736 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 122197
    published: 2019-02-15
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122197
    title: Fedora 29 : 2:runc (2019-3f19f13ecd)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-1444.NASL
    description: This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues : Security issues fixed : - CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967). - CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013). - CVE-2018-16873: go security release, fixing cmd/go remote command execution (bsc#1118897). - CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898). - CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899). Other changes and bug fixes : - Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068). - docker-test: Improvements to test packaging (bsc#1128746). - Move daemon.json file to /etc/docker directory (bsc#1114832). - Revert golang(API) removal since it turns out this breaks >= requires in certain cases (bsc#1114209). - Fix go build failures (bsc#1121397). This update was imported from the SUSE:SLE-15:Update update project.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 125452
    published: 2019-05-28
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/125452
    title: openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-1444)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-0495-1.NASL
    description: This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues : Security issues fixed : CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899). CVE-2018-16874: Fixed a vulnerability in go get command which could allow directory traversal in GOPATH mode (bsc#1118898). CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897). CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967). Other changes and fixes: Update shell completion to use Group: System/Shells. Add daemon.json file with rotation logs configuration (bsc#1114832) Update to Docker 18.09.1-ce (bsc#1124308) and to runc 96ec2177ae84. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. Update go requirements to >= go1.10 Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429). Remove the usage of
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 122472
    published: 2019-02-27
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122472
    title: SUSE SLED15 / SLES15 Security Update : containerd, docker, docker-runc, golang-github-docker-libnetwork, runc (SUSE-SU-2019:0495-1)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-201.NASL
    description: This update for docker-runc fixes the following issues : Security issue fixed : - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967) This update was imported from the SUSE:SLE-12:Update update project.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 122301
    published: 2019-02-19
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122301
    title: openSUSE Security Update : docker-runc (openSUSE-2019-201)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-1275.NASL
    description: This update for lxc, lxcfs to version 3.1.0 fixes the following issues : Security issues fixed : - CVE-2019-5736: Fixed a container breakout vulnerability (boo#1122185). - CVE-2018-6556: Enable setuid bit on lxc-user-nic (boo#988348). Non-security issues fixed : - Update to LXC 3.1.0. The changelog is far too long to include here, please look at https://linuxcontainers.org/. (boo#1131762)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124312
    published: 2019-04-26
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124312
    title: openSUSE Security Update : lxc / lxcfs (openSUSE-2019-1275)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-BC70B381AD.NASL
    description: This runc version should fix the keycreate issues on SELinux disabled machines. ---- Latest upstream Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124575
    published: 2019-05-03
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124575
    title: Fedora 30 : 2:runc (2019-bc70b381ad)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-F455EF79B8.NASL
    description: Security fix for CVE-2019-5736 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 122358
    published: 2019-02-21
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122358
    title: Fedora 28 : 2:docker (2019-f455ef79b8)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2019-0304.NASL
    description: An update for docker is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Docker is an open source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that runs virtually anywhere. Security Fix(es) : * A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system. (CVE-2019-5736) Additional details about this flaw, including mitigation information, can be found in the vulnerability article linked from the Reference section. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 122111
    published: 2019-02-12
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122111
    title: RHEL 7 : docker (RHSA-2019:0304)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2019-0975.NASL
    description: An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es) : * A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system. (CVE-2019-5736) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * [stream rhel8] rebase container-selinux to 2.94 (BZ#1693675) * [stream rhel8] unable to mount disk at `/var/lib/containers` via `systemd` unit when `container-selinux` policy installed (BZ#1695669) * [stream rhel8] don
    last seen: 2020-05-23
    modified: 2019-05-07
    plugin id: 124666
    published: 2019-05-07
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124666
    title: RHEL 8 : container-tools:rhel8 (RHSA-2019:0975)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-208.NASL
    description: This update for runc fixes the following issues : Security vulnerabilities addressed : - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967) - CVE-2018-16873: Fix a remote command execution during
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 122338
    published: 2019-02-20
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122338
    title: openSUSE Security Update : runc (openSUSE-2019-208)
  • NASL family: Misc.
    NASL id: RANCHEROS_1_5_1.NASL
    description: The remote host is running a version of RancherOS prior to v1.5.1, hence it is vulnerable to a Local Command Execution Vulnerability. Opencontainers runc is prone to a local command-execution vulnerability. A local attacker can exploit this issue to execute arbitrary commands with root privileges. runc through 1.0-rc6 is vulnerable.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 132255
    published: 2019-12-19
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132255
    title: Security Updates for RancherOS Local Command Execution Vulnerability
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2019-0303.NASL
    description: An update for runc is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. Security Fix(es) : * A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system. (CVE-2019-5736) Additional details about this flaw, including mitigation information, can be found in the vulnerability article linked from the Reference section. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 122110
    published: 2019-02-12
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122110
    title: RHEL 7 : runc (RHSA-2019:0303)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2019-0975.NASL
    description: From Red Hat Security Advisory 2019:0975 : An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es) : * A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system. (CVE-2019-5736) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * [stream rhel8] rebase container-selinux to 2.94 (BZ#1693675) * [stream rhel8] unable to mount disk at `/var/lib/containers` via `systemd` unit when `container-selinux` policy installed (BZ#1695669) * [stream rhel8] don
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127569
    published: 2019-08-12
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127569
    title: Oracle Linux 8 : container-tools:rhel8 (ELSA-2019-0975)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-2021.NASL
    description: This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues : Docker : - CVE-2019-14271: Fixed a code injection if the nsswitch facility dynamically loaded a library inside a chroot (bsc#1143409). - CVE-2019-13509: Fixed an information leak in the debug log (bsc#1142160). - Update to version 19.03.1-ce, see changelog at /usr/share/doc/packages/docker/CHANGELOG.md (bsc#1142413, bsc#1139649). runc : - Use %config(noreplace) for /etc/docker/daemon.json (bsc#1138920). - Update to runc 425e105d5a03, which is required by Docker (bsc#1139649). containerd : - CVE-2019-5736: Fixed a container breakout vulnerability (bsc#1121967). - Update to containerd v1.2.6, which is required by docker (bsc#1139649). golang-github-docker-libnetwork : - Update to version git.fc5a7d91d54cc98f64fc28f9e288b46a0bee756c, which is required by docker (bsc#1142413, bsc#1139649). This update was imported from the SUSE:SLE-15:Update update project.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 128409
    published: 2019-08-30
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128409
    title: openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-2021)
  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2019-1156.NASL
    description: A vulnerability was discovered in runc, which is used by Docker to run containers. runc did not prevent container processes from modifying the runc binary via /proc/self/exe. A malicious container could replace the runc binary, resulting in container escape and privilege escalation. This was fixed by creating a per-container copy of runc. (CVE-2019-5736)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 122096
    published: 2019-02-12
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122096
    title: Amazon Linux AMI : docker (ALAS-2019-1156)
  • NASL family: Virtuozzo Local Security Checks
    NASL id: VIRTUOZZO_VZA-2019-008.NASL
    description: According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerability : - It was discovered that a malicious user logged in to a Virtuozzo container could potentially overwrite the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 133452
    published: 2020-02-04
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/133452
    title: Virtuozzo 7 : readykernel-patch (VZA-2019-008)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-829524F28F.NASL
    description: CVE-2019-5736 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 122283
    published: 2019-02-19
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122283
    title: Fedora 28 : moby-engine (2019-829524f28f)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-1234-2.NASL
    description: This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues : Security issues fixed : CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967). CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013). CVE-2018-16873: go security release, fixing cmd/go remote command execution (bsc#1118897). CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898). CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899). Other changes and bug fixes: Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068). Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068). Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068). docker-test: Improvements to test packaging (bsc#1128746). Move daemon.json file to /etc/docker directory (bsc#1114832). Revert golang(API) removal since it turns out this breaks >= requires in certain cases (bsc#1114209). Fix go build failures (bsc#1121397). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 125920
    published: 2019-06-14
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/125920
    title: SUSE SLED15 / SLES15 Security Update : containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork (SUSE-SU-2019:1234-2)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-202003-21.NASL
    description: The remote host is affected by the vulnerability described in GLSA-202003-21 (runC: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in runC. Please review the CVE identifiers referenced below for details. Impact : An attacker, by running a malicious Docker image, could escape the container, bypass security restrictions, escalate privileges or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen: 2020-03-19
    modified: 2020-03-16
    plugin id: 134598
    published: 2020-03-16
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/134598
    title: GLSA-202003-21 : runC: Multiple vulnerabilities
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1074.NASL
    description: According to the version of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system. (CVE-2019-5736) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-06
    modified: 2019-03-08
    plugin id: 122697
    published: 2019-03-08
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122697
    title: EulerOS 2.0 SP5 : docker-engine (EulerOS-SA-2019-1074)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-1079.NASL
    description: This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues : Security issues fixed : - CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899). - CVE-2018-16874: Fixed a vulnerability in go get command which could allow directory traversal in GOPATH mode (bsc#1118898). - CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897). - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967). Other changes and bug fixes : - Update shell completion to use Group: System/Shells. - Add daemon.json file with rotation logs configuration (bsc#1114832) - Update to Docker 18.09.1-ce (bsc#1124308) and to runc 96ec2177ae84. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. - Disable leap based builds for kubic flavor (bsc#1121412). - Allow users to explicitly specify the NIS domain name of a container (bsc#1001161). - Update docker.service to match upstream and avoid rlimit problems (bsc#1112980). - Update go requirements to >= go1.10 - Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429). - Remove the usage of
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 123542
    published: 2019-04-01
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/123542
    title: openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-1079)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2019-0408.NASL
    description: An update is now available for Red Hat OpenShift Container Platform 3.4, 3.5, 3.6, and 3.7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 122442
    published: 2019-02-26
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122442
    title: RHEL 7 : OpenShift Container Platform 3.4, 3.5, 3.6, and 3.7 (RHSA-2019:0408)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-4DC1E39B34.NASL
    description: Resolves: #1664908, #1676798 - Security fix for CVE-2019-5736 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 122408
    published: 2019-02-25
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122408
    title: Fedora 29 : 2:docker-latest (2019-4dc1e39b34)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-1481.NASL
    description: This update for lxc, lxcfs to version 3.1.0 fixes the following issues : Security issues fixed : - CVE-2019-5736: Fixed a container breakout vulnerability (boo#1122185). - CVE-2018-6556: Enable setuid bit on lxc-user-nic (boo#988348). Non-security issues fixed : - Update to LXC 3.1.0. The changelog is far too long to include here, please look at https://linuxcontainers.org/. (boo#1131762)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 125668
    published: 2019-06-03
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/125668
    title: openSUSE Security Update : lxc / lxcfs (openSUSE-2019-1481)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1061.NASL
    description: According to the version of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system. (CVE-2019-5736) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-06
    modified: 2019-02-22
    plugin id: 122388
    published: 2019-02-22
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122388
    title: EulerOS 2.0 SP2 : docker-engine (EulerOS-SA-2019-1061)

Redhat

advisories
  • bugzilla
    id: 1695689
    title: [stream rhel8] don't allow a container to connect to random services
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 8 is installed
        oval: oval:com.redhat.rhba:tst:20193384074
      • comment: Module container-tools:rhel8 is enabled
        oval: oval:com.redhat.rhsa:tst:20190975043
      • OR
        • AND
          • comment: slirp4netns-debugsource is earlier than 0:0.1-2.dev.gitc4e1bc5.module+el8.0.0+2958+4e823551
            oval: oval:com.redhat.rhsa:tst:20190975001
          • comment: slirp4netns-debugsource is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190975002
        • AND
          • comment: slirp4netns is earlier than 0:0.1-2.dev.gitc4e1bc5.module+el8.0.0+2958+4e823551
            oval: oval:com.redhat.rhsa:tst:20190975003
          • comment: slirp4netns is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190975004
        • AND
          • comment: skopeo-debugsource is earlier than 1:0.1.32-3.git1715c90.module+el8.0.0+2958+4e823551
            oval: oval:com.redhat.rhsa:tst:20190975005
          • comment: skopeo-debugsource is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190975006
        • AND
          • comment: skopeo is earlier than 1:0.1.32-3.git1715c90.module+el8.0.0+2958+4e823551
            oval: oval:com.redhat.rhsa:tst:20190975007
          • comment: skopeo is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190975008
        • AND
          • comment: runc-debugsource is earlier than 0:1.0.0-55.rc5.dev.git2abd837.module+el8.0.0+3049+59fd2bba
            oval: oval:com.redhat.rhsa:tst:20190975009
          • comment: runc-debugsource is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190975010
        • AND
          • comment: runc is earlier than 0:1.0.0-55.rc5.dev.git2abd837.module+el8.0.0+3049+59fd2bba
            oval: oval:com.redhat.rhsa:tst:20190975011
          • comment: runc is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190975012
        • AND
          • comment: podman-debugsource is earlier than 0:1.0.0-2.git921f98f.module+el8.0.0+2958+4e823551
            oval: oval:com.redhat.rhsa:tst:20190975013
          • comment: podman-debugsource is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190975014
        • AND
          • comment: podman is earlier than 0:1.0.0-2.git921f98f.module+el8.0.0+2958+4e823551
            oval: oval:com.redhat.rhsa:tst:20190975015
          • comment: podman is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190975016
        • AND
          • comment: oci-umount-debugsource is earlier than 2:2.3.4-2.git87f9237.module+el8.0.0+2958+4e823551
            oval: oval:com.redhat.rhsa:tst:20190975017
          • comment: oci-umount-debugsource is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190975018
        • AND
          • comment: oci-umount is earlier than 2:2.3.4-2.git87f9237.module+el8.0.0+2958+4e823551
            oval: oval:com.redhat.rhsa:tst:20190975019
          • comment: oci-umount is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190975020
        • AND
          • comment: oci-systemd-hook-debugsource is earlier than 1:0.1.15-2.git2d0b8a3.module+el8.0.0+2958+4e823551
            oval: oval:com.redhat.rhsa:tst:20190975021
          • comment: oci-systemd-hook-debugsource is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190975022
        • AND
          • comment: oci-systemd-hook is earlier than 1:0.1.15-2.git2d0b8a3.module+el8.0.0+2958+4e823551
            oval: oval:com.redhat.rhsa:tst:20190975023
          • comment: oci-systemd-hook is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190975024
        • AND
          • comment: fuse-overlayfs-debugsource is earlier than 0:0.3-2.module+el8.0.0+2958+4e823551
            oval: oval:com.redhat.rhsa:tst:20190975025
          • comment: fuse-overlayfs-debugsource is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190975026
        • AND
          • comment: fuse-overlayfs is earlier than 0:0.3-2.module+el8.0.0+2958+4e823551
            oval: oval:com.redhat.rhsa:tst:20190975027
          • comment: fuse-overlayfs is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190975028
        • AND
          • comment: containers-common is earlier than 1:0.1.32-3.git1715c90.module+el8.0.0+2958+4e823551
            oval: oval:com.redhat.rhsa:tst:20190975029
          • comment: containers-common is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190975030
        • AND
          • comment: containernetworking-plugins-debugsource is earlier than 0:0.7.4-3.git9ebe139.module+el8.0.0+2958+4e823551
            oval: oval:com.redhat.rhsa:tst:20190975031
          • comment: containernetworking-plugins-debugsource is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190975032
        • AND
          • comment: containernetworking-plugins is earlier than 0:0.7.4-3.git9ebe139.module+el8.0.0+2958+4e823551
            oval: oval:com.redhat.rhsa:tst:20190975033
          • comment: containernetworking-plugins is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190975034
        • AND
          • comment: buildah-debugsource is earlier than 0:1.5-3.gite94b4f9.module+el8.0.0+2958+4e823551
            oval: oval:com.redhat.rhsa:tst:20190975035
          • comment: buildah-debugsource is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190975036
        • AND
          • comment: buildah is earlier than 0:1.5-3.gite94b4f9.module+el8.0.0+2958+4e823551
            oval: oval:com.redhat.rhsa:tst:20190975037
          • comment: buildah is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190975038
        • AND
          • comment: podman-docker is earlier than 0:1.0.0-2.git921f98f.module+el8.0.0+2958+4e823551
            oval: oval:com.redhat.rhsa:tst:20190975039
          • comment: podman-docker is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190975040
        • AND
          • comment: container-selinux is earlier than 2:2.94-1.git1e99f1d.module+el8.0.0+2958+4e823551
            oval: oval:com.redhat.rhsa:tst:20190975041
          • comment: container-selinux is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20190975042
    rhsa
    id: RHSA-2019:0975
    released: 2019-05-07
    severity: Important
    title: RHSA-2019:0975: container-tools:rhel8 security and bug fix update (Important)
  • rhsa
    id: RHSA-2019:0303
  • rhsa
    id: RHSA-2019:0304
  • rhsa
    id: RHSA-2019:0401
  • rhsa
    id: RHSA-2019:0408
rpms
  • runc-0:1.0.0-59.dev.git2abd837.el7
  • runc-debuginfo-0:1.0.0-59.dev.git2abd837.el7
  • docker-2:1.13.1-91.git07f3374.el7
  • docker-client-2:1.13.1-91.git07f3374.el7
  • docker-common-2:1.13.1-91.git07f3374.el7
  • docker-debuginfo-2:1.13.1-91.git07f3374.el7
  • docker-logrotate-2:1.13.1-91.git07f3374.el7
  • docker-lvm-plugin-2:1.13.1-91.git07f3374.el7
  • docker-novolume-plugin-2:1.13.1-91.git07f3374.el7
  • docker-rhel-push-plugin-2:1.13.1-91.git07f3374.el7
  • docker-v1.10-migrator-2:1.13.1-91.git07f3374.el7
  • docker-2:1.12.6-79.git5680db5.el7
  • docker-client-2:1.12.6-79.git5680db5.el7
  • docker-common-2:1.12.6-79.git5680db5.el7
  • docker-debuginfo-2:1.12.6-79.git5680db5.el7
  • docker-logrotate-2:1.12.6-79.git5680db5.el7
  • docker-lvm-plugin-2:1.12.6-79.git5680db5.el7
  • docker-novolume-plugin-2:1.12.6-79.git5680db5.el7
  • docker-rhel-push-plugin-2:1.12.6-79.git5680db5.el7
  • docker-unit-test-2:1.12.6-79.git5680db5.el7
  • docker-v1.10-migrator-2:1.12.6-79.git5680db5.el7
  • buildah-0:1.5-3.gite94b4f9.module+el8.0.0+2958+4e823551
  • buildah-debuginfo-0:1.5-3.gite94b4f9.module+el8.0.0+2958+4e823551
  • buildah-debugsource-0:1.5-3.gite94b4f9.module+el8.0.0+2958+4e823551
  • container-selinux-2:2.94-1.git1e99f1d.module+el8.0.0+2958+4e823551
  • containernetworking-plugins-0:0.7.4-3.git9ebe139.module+el8.0.0+2958+4e823551
  • containernetworking-plugins-debuginfo-0:0.7.4-3.git9ebe139.module+el8.0.0+2958+4e823551
  • containernetworking-plugins-debugsource-0:0.7.4-3.git9ebe139.module+el8.0.0+2958+4e823551
  • containers-common-1:0.1.32-3.git1715c90.module+el8.0.0+2958+4e823551
  • fuse-overlayfs-0:0.3-2.module+el8.0.0+2958+4e823551
  • fuse-overlayfs-debuginfo-0:0.3-2.module+el8.0.0+2958+4e823551
  • fuse-overlayfs-debugsource-0:0.3-2.module+el8.0.0+2958+4e823551
  • oci-systemd-hook-1:0.1.15-2.git2d0b8a3.module+el8.0.0+2958+4e823551
  • oci-systemd-hook-debuginfo-1:0.1.15-2.git2d0b8a3.module+el8.0.0+2958+4e823551
  • oci-systemd-hook-debugsource-1:0.1.15-2.git2d0b8a3.module+el8.0.0+2958+4e823551
  • oci-umount-2:2.3.4-2.git87f9237.module+el8.0.0+2958+4e823551
  • oci-umount-debuginfo-2:2.3.4-2.git87f9237.module+el8.0.0+2958+4e823551
  • oci-umount-debugsource-2:2.3.4-2.git87f9237.module+el8.0.0+2958+4e823551
  • podman-0:1.0.0-2.git921f98f.module+el8.0.0+2958+4e823551
  • podman-debuginfo-0:1.0.0-2.git921f98f.module+el8.0.0+2958+4e823551
  • podman-debugsource-0:1.0.0-2.git921f98f.module+el8.0.0+2958+4e823551
  • podman-docker-0:1.0.0-2.git921f98f.module+el8.0.0+2958+4e823551
  • runc-0:1.0.0-55.rc5.dev.git2abd837.module+el8.0.0+3049+59fd2bba
  • runc-debuginfo-0:1.0.0-55.rc5.dev.git2abd837.module+el8.0.0+3049+59fd2bba
  • runc-debugsource-0:1.0.0-55.rc5.dev.git2abd837.module+el8.0.0+3049+59fd2bba
  • skopeo-1:0.1.32-3.git1715c90.module+el8.0.0+2958+4e823551
  • skopeo-debuginfo-1:0.1.32-3.git1715c90.module+el8.0.0+2958+4e823551
  • skopeo-debugsource-1:0.1.32-3.git1715c90.module+el8.0.0+2958+4e823551
  • slirp4netns-0:0.1-2.dev.gitc4e1bc5.module+el8.0.0+2958+4e823551
  • slirp4netns-debuginfo-0:0.1-2.dev.gitc4e1bc5.module+el8.0.0+2958+4e823551
  • slirp4netns-debugsource-0:0.1-2.dev.gitc4e1bc5.module+el8.0.0+2958+4e823551

The Hacker News

id: THN:B0FC327500C590C565FC4F46D8DCDD34
last seen: 2019-02-12
modified: 2019-02-12
published: 2019-02-12
reporter: The Hacker News
source: https://thehackernews.com/2019/02/linux-container-runc-docker.html
title: RunC Flaw Lets Attackers Escape Linux Containers to Gain Root on Hosts

References