Vulnerabilities > CVE-2019-5736 - OS Command Injection vulnerability in multiple products

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.

Vulnerable Configurations

Part	Description	Count
Application	Docker Docker Docker - Docker Docker 0.1.0 Docker Docker 0.1.1 Docker Docker 0.1.2 Docker Docker 0.1.3 Docker Docker 0.1.4 Docker Docker 0.1.5 Docker Docker 0.1.6 Docker Docker 0.1.7 Docker Docker 0.1.8 Docker Docker 0.2.0 Docker Docker 0.2.1 Docker Docker 0.2.2 Docker Docker 0.3.0 Docker Docker 0.3.1 Docker Docker 0.3.2 Docker Docker 0.3.3 Docker Docker 0.3.4 Docker Docker 0.4.0 Docker Docker 0.4.1 Docker Docker 0.4.2 Docker Docker 0.4.3 Docker Docker 0.4.4 Docker Docker 0.4.5 Docker Docker 0.4.6 Docker Docker 0.4.7 Docker Docker 0.4.8 Docker Docker 0.5.0 Docker Docker 0.5.1 Docker Docker 0.5.2 Docker Docker 0.5.3 Docker Docker 0.6.0 Docker Docker 0.6.1 Docker Docker 0.6.2 Docker Docker 0.6.3 Docker Docker 0.6.4 Docker Docker 0.6.5 Docker Docker 0.6.6 Docker Docker 0.6.7 Docker Docker 0.7.0 Docker Docker 0.7.1 Docker Docker 0.7.2 Docker Docker 0.7.3 Docker Docker 0.7.4 Docker Docker 0.7.5 Docker Docker 0.7.6 Docker Docker 0.8.0 Docker Docker 0.8.1 Docker Docker 0.9.0 Docker Docker 0.9.1 Docker Docker 0.10. Docker Docker 0.10.0 Docker Docker 0.11. Docker Docker 0.11.0 Docker Docker 0.11.1 Docker Docker 0.12. Docker Docker 0.12.0 Docker Docker 1.0.0 Docker Docker 1.0.1 Docker Docker 1.1.0 Docker Docker 1.1.1 Docker Docker 1.1.2 Docker Docker 1.2.0 Docker Docker 1.3.0 Docker Docker 1.3.1 Docker Docker 1.3.2 Docker Docker 1.3.3 Docker Docker 1.4.0 Docker Docker 1.4.1 Docker Docker 1.5.0 Docker Docker 1.6 Docker Docker 1.6.0 Docker Docker 1.6.1 Docker Docker 1.6.2 Docker Docker 1.7.0 Docker Docker 1.7.1 Docker Docker 1.8.0 Docker Docker 1.8.1 Docker Docker 1.8.2 Docker Docker 1.8.3 Docker Docker 1.9.0 Docker Docker 1.9.1 Docker Docker 1.10.0 Docker Docker 1.10.0.0-0 Docker Docker 1.10.1 Docker Docker 1.10.1.42-1 Docker Docker 1.10.2 Docker Docker 1.10.2.12 Docker Docker 1.10.2.14 Docker Docker 1.10.3 Docker Docker 1.10.4.0 Docker Docker 1.10.6 Docker Docker 1.11 Docker Docker 1.11.0 Docker Docker 1.11.1 Docker Docker 1.11.2 Docker Docker 1.12.0 Docker Docker 1.12.1 Docker Docker 1.12.2 Docker Docker 1.12.3 Docker Docker 1.12.4 Docker Docker 1.12.5 Docker Docker 1.12.6 Docker Docker 1.13.0 Docker Docker 1.13.1 Docker Docker 2.0.0.0 Docker Docker 2.0.0.2 Docker Docker 2.0.0.3 Docker Docker 2.1.0.1 Docker Docker 2.1.0.2 Docker Docker 2.1.0.3 Docker Docker 2.1.0.4 Docker Docker 2.1.0.5 Docker Docker 2.2.0.0 Docker Docker 2.2.0.3 Docker Docker 2.2.0.4 Docker Docker 2.2.0.5 Docker Docker 2.3.0.2 Docker Docker 2.3.0.3 Docker Docker 2.3.0.4 Docker Docker 2.3.0.5 Docker Docker 2.4.0.0 Docker Docker 2.5.0.0 Docker Docker 17.03.0 Docker Docker 17.03.1 Docker Docker 17.03.2 Docker Docker 17.03.3 Docker Docker 17.04.0 Docker Docker 17.05.0 Docker Docker 17.06 Docker Docker 17.06.0 Docker Docker 17.06.1 Docker Docker 17.06.2 Docker Docker 17.07.0 Docker Docker 17.09.0 Docker Docker 17.09.1 Docker Docker 17.10.0 Docker Docker 17.11.0 Docker Docker 17.12.0 Docker Docker 17.12.1 Docker Docker 18.01.0 Docker Docker 18.02.0 Docker Docker 18.03.0 Docker Docker 18.03.1 Docker Docker 18.04.0 Docker Docker 18.05.0 Docker Docker 18.06.0 Docker Docker 18.06.1 Docker Docker 18.06.2 Docker Docker 18.06.3 Docker Docker 18.09.0 Docker Docker 18.09.1	290
Application	Linuxfoundation Linuxfoundation Runc 1.0.0 Linuxfoundation Runc - Linuxfoundation Runc 0.0.1 Linuxfoundation Runc 0.0.2 Linuxfoundation Runc 0.0.2.1 Linuxfoundation Runc 0.0.3 Linuxfoundation Runc 0.0.4 Linuxfoundation Runc 0.0.5 Linuxfoundation Runc 0.0.6 Linuxfoundation Runc 0.0.7 Linuxfoundation Runc 0.0.8 Linuxfoundation Runc 0.0.9 Linuxfoundation Runc 0.1.0 Linuxfoundation Runc 0.1.1	19
Application	Redhat Redhat Openshift 3.4 Redhat Openshift 3.7 Redhat Openshift 3.6 Redhat Openshift 3.5 Redhat Container Development KIT 3.7	5
Application	Google Google Kubernetes Engine -	1
Application	Linuxcontainers Linuxcontainers LXC - Linuxcontainers LXC 0.1.0 Linuxcontainers LXC 0.2.0 Linuxcontainers LXC 0.2.1 Linuxcontainers LXC 0.3.0 Linuxcontainers LXC 0.4.0 Linuxcontainers LXC 0.5.0 Linuxcontainers LXC 0.5.1 Linuxcontainers LXC 0.5.2 Linuxcontainers LXC 0.6.0 Linuxcontainers LXC 0.6.1 Linuxcontainers LXC 0.6.2 Linuxcontainers LXC 0.6.3 Linuxcontainers LXC 0.6.4 Linuxcontainers LXC 0.6.5 Linuxcontainers LXC 0.7.0 Linuxcontainers LXC 0.7.1 Linuxcontainers LXC 0.7.2 Linuxcontainers LXC 0.7.3 Linuxcontainers LXC 0.7.4 Linuxcontainers LXC 0.7.4.1 Linuxcontainers LXC 0.7.4.2 Linuxcontainers LXC 0.7.5 Linuxcontainers LXC 0.8.0 Linuxcontainers LXC 0.9.0 Linuxcontainers LXC 1.0.0 Linuxcontainers LXC 1.0.1 Linuxcontainers LXC 1.0.2 Linuxcontainers LXC 1.0.3 Linuxcontainers LXC 1.0.4 Linuxcontainers LXC 1.0.5 Linuxcontainers LXC 1.0.6 Linuxcontainers LXC 1.0.7 Linuxcontainers LXC 1.0.8 Linuxcontainers LXC 1.0.9 Linuxcontainers LXC 1.0.10 Linuxcontainers LXC 1.0.11 Linuxcontainers LXC 1.1.0 Linuxcontainers LXC 1.1.1 Linuxcontainers LXC 1.1.2 Linuxcontainers LXC 1.1.3 Linuxcontainers LXC 1.1.4 Linuxcontainers LXC 1.1.5 Linuxcontainers LXC 2.0.0 Linuxcontainers LXC 2.0.1 Linuxcontainers LXC 2.0.2 Linuxcontainers LXC 2.0.3 Linuxcontainers LXC 2.0.4 Linuxcontainers LXC 2.0.5 Linuxcontainers LXC 2.0.6 Linuxcontainers LXC 2.0.7 Linuxcontainers LXC 2.0.8 Linuxcontainers LXC 2.0.9 Linuxcontainers LXC 2.1.0 Linuxcontainers LXC 2.1.1 Linuxcontainers LXC 3.0.0 Linuxcontainers LXC 3.0.1 Linuxcontainers LXC 3.0.2 Linuxcontainers LXC 3.0.3 Linuxcontainers LXC 3.1.0	81
Application	Hp HP Onesphere -	1
Application	Netapp Netapp Solidfire - Netapp HCI Management Node -	2
Application	Apache Apache Mesos 1.4.0 Apache Mesos 1.4.1 Apache Mesos 1.4.2 Apache Mesos 1.6.0 Apache Mesos 1.6.1 Apache Mesos 1.7.0 Apache Mesos 1.7.1 Apache Mesos 1.5.0 Apache Mesos 1.5.1 Apache Mesos 1.5.2	39
Application	Opensuse Opensuse Backports SLE 15.0	2
Application	D2Iq D2Iq Kubernetes Engine 1.3.0-1.10.8 D2Iq Kubernetes Engine 1.3.1-1.10.8 D2Iq Kubernetes Engine 2.1.0-1.12.3 D2Iq Kubernetes Engine 2.1.1-1.12.5	4
Application	Microfocus Microfocus Service Management Automation 2018.05 Microfocus Service Management Automation 2018.02 Microfocus Service Management Automation 2018.08 Microfocus Service Management Automation 2018.11	4
OS	Redhat Redhat Enterprise Linux Server 7.0 Redhat Enterprise Linux 8.0	2
OS	Opensuse Opensuse Leap 42.3 Opensuse Leap 15.0 Opensuse Leap 15.1	3
OS	D2Iq D2Iq Dc/Os 1.9.0 D2Iq Dc/Os 1.9.1 D2Iq Dc/Os 1.9.2 D2Iq Dc/Os 1.9.3 D2Iq Dc/Os 1.9.4 D2Iq Dc/Os 1.9.5 D2Iq Dc/Os 1.9.6 D2Iq Dc/Os 1.9.7 D2Iq Dc/Os 1.9.8 D2Iq Dc/Os 1.9.9 D2Iq Dc/Os 1.9.10 D2Iq Dc/Os 1.10.0 D2Iq Dc/Os 1.10.1 D2Iq Dc/Os 1.10.2 D2Iq Dc/Os 1.10.3 D2Iq Dc/Os 1.10.4 D2Iq Dc/Os 1.10.5 D2Iq Dc/Os 1.10.6 D2Iq Dc/Os 1.10.7 D2Iq Dc/Os 1.10.8 D2Iq Dc/Os 1.10.9 D2Iq Dc/Os 1.10.11 D2Iq Dc/Os 1.11.0 D2Iq Dc/Os 1.11.1 D2Iq Dc/Os 1.11.2 D2Iq Dc/Os 1.11.3 D2Iq Dc/Os 1.11.4 D2Iq Dc/Os 1.11.5 D2Iq Dc/Os 1.11.6 D2Iq Dc/Os 1.11.7 D2Iq Dc/Os 1.11.8 D2Iq Dc/Os 1.11.10 D2Iq Dc/Os 1.12.0	41
OS	Fedoraproject Fedoraproject Fedora 29 Fedoraproject Fedora 30	2
OS	Canonical Canonical Ubuntu Linux 16.04 Canonical Ubuntu Linux 18.04 Canonical Ubuntu Linux 18.10 Canonical Ubuntu Linux 19.04	4

Common Weakness Enumeration (CWE)

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Common Attack Pattern Enumeration and Classification (CAPEC)

Command Line Execution through SQL Injection
An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.
Command Delimiters
An attack of this type exploits a programs' vulnerabilities that allows an attacker's commands to be concatenated onto a legitimate command with the intent of targeting other resources such as the file system or database. The system that uses a filter or a blacklist input validation, as opposed to whitelist validation is vulnerable to an attacker who predicts delimiters (or combinations of delimiters) not present in the filter or blacklist. As with other injection attacks, the attacker uses the command delimiter payload as an entry point to tunnel through the application and activate additional attacks through SQL queries, shell commands, network scanning, and so on.
Exploiting Multiple Input Interpretation Layers
An attacker supplies the target software with input data that contains sequences of special characters designed to bypass input validation logic. This exploit relies on the target making multiples passes over the input data and processing a "layer" of special characters with each pass. In this manner, the attacker can disguise input that would otherwise be rejected as invalid by concealing it with layers of special/escape characters that are stripped off by subsequent processing steps. The goal is to first discover cases where the input validation layer executes before one or more parsing layers. That is, user input may go through the following logic in an application: In such cases, the attacker will need to provide input that will pass through the input validator, but after passing through parser2, will be converted into something that the input validator was supposed to stop.
Argument Injection
An attacker changes the behavior or state of a targeted application through injecting data or command syntax through the targets use of non-validated and non-filtered arguments of exposed services or methods.
OS Command Injection
In this type of an attack, an adversary injects operating system commands into existing application functions. An application that uses untrusted input to build command strings is vulnerable. An adversary can leverage OS command injection in an application to elevate privileges, execute arbitrary commands and compromise the underlying operating system.

Exploit-Db

file	exploits/linux/local/46369.md
id	EDB-ID:46369
last seen	2019-02-14
modified	2019-02-13
platform	linux
port
published	2019-02-13
reporter	Exploit-DB
source	https://www.exploit-db.com/download/46369
title	runc < 1.0-rc6 (Docker < 18.09.2) - Container Breakout (2)
type	local

file	exploits/linux/local/46359.md
id	EDB-ID:46359
last seen	2019-02-12
modified	2019-02-12
platform	linux
port
published	2019-02-12
reporter	Exploit-DB
source	https://www.exploit-db.com/download/46359
title	runc< 1.0-rc6 (Docker < 18.09.2) - Host Command Execution
type	local

Nessus

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-295.NASL
description	This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues : Security issues fixed : - CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899). - CVE-2018-16874: Fixed a vulnerabity in go get command which could allow directory traversal in GOPATH mode (bsc#1118898). - CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897). - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967). Other changes and fixes : - Update shell completion to use Group: System/Shells. - Add daemon.json file with rotation logs configuration (bsc#1114832) - Update to Docker 18.09.1-ce (bsc#1124308) and to to runc 96ec2177ae84. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. - Update go requirements to >= go1.10 - Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429). - Remove the usage of
last seen	2020-06-01
modified	2020-06-02
plugin id	122660
published	2019-03-07
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122660
title	openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-295)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2019-295. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(122660); script_version("1.2"); script_cvs_date("Date: 2019/04/02 21:54:17"); script_cve_id("CVE-2018-16873", "CVE-2018-16874", "CVE-2018-16875", "CVE-2019-5736"); script_name(english:"openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-295)"); script_summary(english:"Check for the openSUSE-2019-295 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues : Security issues fixed : - CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899). - CVE-2018-16874: Fixed a vulnerabity in go get command which could allow directory traversal in GOPATH mode (bsc#1118898). - CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897). - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967). Other changes and fixes : - Update shell completion to use Group: System/Shells. - Add daemon.json file with rotation logs configuration (bsc#1114832) - Update to Docker 18.09.1-ce (bsc#1124308) and to to runc 96ec2177ae84. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. - Update go requirements to >= go1.10 - Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429). - Remove the usage of 'cp -r' to reduce noise in the build logs. This update was imported from the SUSE:SLE-15:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1048046" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1051429" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114832" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118897" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118898" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118899" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1121967" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1124308" ); script_set_attribute( attribute:"solution", value:"Update the affected containerd / docker / docker-runc / etc packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:containerd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:containerd-ctr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:containerd-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-bash-completion"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-libnetwork"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-libnetwork-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-test-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-zsh-completion"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:golang-github-docker-libnetwork"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:runc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:runc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:runc-test"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/14"); script_set_attribute(attribute:"patch_publication_date", value:"2019/03/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/07"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.0", reference:"containerd-1.2.2-lp150.4.10.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"containerd-ctr-1.2.2-lp150.4.10.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"containerd-test-1.2.2-lp150.4.10.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-18.09.1_ce-lp150.5.13.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-bash-completion-18.09.1_ce-lp150.5.13.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-debuginfo-18.09.1_ce-lp150.5.13.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-debugsource-18.09.1_ce-lp150.5.13.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-libnetwork-debuginfo-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-runc-debuginfo-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-test-18.09.1_ce-lp150.5.13.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-test-debuginfo-18.09.1_ce-lp150.5.13.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-zsh-completion-18.09.1_ce-lp150.5.13.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"runc-1.0.0~rc6-lp150.2.7.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"runc-debuginfo-1.0.0~rc6-lp150.2.7.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"runc-test-1.0.0~rc6-lp150.2.7.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "containerd / containerd-ctr / containerd-test / docker-runc / etc"); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2019-6174B47003.NASL
description	This runc version should fix the keycreate issues on SELinux disabled machines. ---- Latest upstream Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	124570
published	2019-05-03
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/124570
title	Fedora 29 : 2:runc (2019-6174b47003)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-6174b47003. # include("compat.inc"); if (description) { script_id(124570); script_version("1.3"); script_cvs_date("Date: 2019/09/23 11:21:10"); script_cve_id("CVE-2019-5736"); script_xref(name:"FEDORA", value:"2019-6174b47003"); script_name(english:"Fedora 29 : 2:runc (2019-6174b47003)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "This runc version should fix the keycreate issues on SELinux disabled machines. ---- Latest upstream Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-6174b47003" ); script_set_attribute( attribute:"solution", value:"Update the affected 2:runc package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:2:runc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/11"); script_set_attribute(attribute:"patch_publication_date", value:"2019/05/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^29([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC29", reference:"runc-1.0.0-92.dev.gitc1b8c57.fc29", epoch:"2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "2:runc"); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2019-A5F616808E.NASL
description	Update to 1.0.7 Fixes related to CVE-2019-5736. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	122523
published	2019-03-01
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122523
title	Fedora 28 : flatpak (2019-a5f616808e)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-a5f616808e. # include("compat.inc"); if (description) { script_id(122523); script_version("1.3"); script_cvs_date("Date: 2019/09/23 11:21:11"); script_cve_id("CVE-2019-5736", "CVE-2019-8308"); script_xref(name:"FEDORA", value:"2019-a5f616808e"); script_name(english:"Fedora 28 : flatpak (2019-a5f616808e)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Update to 1.0.7 Fixes related to CVE-2019-5736. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-a5f616808e" ); script_set_attribute( attribute:"solution", value:"Update the affected flatpak package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:flatpak"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/11"); script_set_attribute(attribute:"patch_publication_date", value:"2019/02/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^28([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC28", reference:"flatpak-1.0.7-1.fc28")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "flatpak"); }

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-4048-1.NASL
description	Aleksa Sarai discovered that Docker was vulnerable to a directory traversal attack. An attacker could use this vulnerability to read and write arbitrary files on the host filesystem as root. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	126564
published	2019-07-09
reporter	Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/126564
title	Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : Docker vulnerabilities (USN-4048-1)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-4048-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(126564); script_version("1.3"); script_cvs_date("Date: 2019/09/18 12:31:49"); script_cve_id("CVE-2018-15664", "CVE-2019-5736"); script_xref(name:"USN", value:"4048-1"); script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : Docker vulnerabilities (USN-4048-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Aleksa Sarai discovered that Docker was vulnerable to a directory traversal attack. An attacker could use this vulnerability to read and write arbitrary files on the host filesystem as root. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/4048-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected docker.io package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:docker.io"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/11"); script_set_attribute(attribute:"patch_publication_date", value:"2019/07/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/09"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(16\.04\|18\.04\|18\.10\|19\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 18.04 / 18.10 / 19.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"16.04", pkgname:"docker.io", pkgver:"18.09.7-0ubuntu1~16.04.4")) flag++; if (ubuntu_check(osver:"18.04", pkgname:"docker.io", pkgver:"18.09.7-0ubuntu1~18.04.3")) flag++; if (ubuntu_check(osver:"18.10", pkgname:"docker.io", pkgver:"18.09.7-0ubuntu1~18.10.3")) flag++; if (ubuntu_check(osver:"19.04", pkgname:"docker.io", pkgver:"18.09.7-0ubuntu1~19.04.4")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "docker.io"); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2019-C1DAC1B3B8.NASL
description	Update LXC to version 3.0.4. The release announcement can be found [here](https://discuss.linuxcontainers.org/t/lxc-3-0-4-has-been-releas ed/5080). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	128579
published	2019-09-09
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/128579
title	Fedora 29 : lxc / lxcfs / python3-lxc (2019-c1dac1b3b8)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-c1dac1b3b8. # include("compat.inc"); if (description) { script_id(128579); script_version("1.3"); script_cvs_date("Date: 2019/09/24 11:01:32"); script_cve_id("CVE-2019-5736"); script_xref(name:"FEDORA", value:"2019-c1dac1b3b8"); script_name(english:"Fedora 29 : lxc / lxcfs / python3-lxc (2019-c1dac1b3b8)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Update LXC to version 3.0.4. The release announcement can be found [here](https://discuss.linuxcontainers.org/t/lxc-3-0-4-has-been-releas ed/5080). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-c1dac1b3b8" ); script_set_attribute( attribute:"see_also", value:"https://discuss.linuxcontainers.org/t/lxc-3-0-4-has-been-released/5080" ); script_set_attribute( attribute:"solution", value:"Update the affected lxc, lxcfs and / or python3-lxc packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:lxc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:lxcfs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:python3-lxc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/11"); script_set_attribute(attribute:"patch_publication_date", value:"2019/09/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/09"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^29([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC29", reference:"lxc-3.0.4-1.fc29")) flag++; if (rpm_check(release:"FC29", reference:"lxcfs-3.0.4-1.fc29")) flag++; if (rpm_check(release:"FC29", reference:"python3-lxc-3.0.4-1.fc29")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "lxc / lxcfs / python3-lxc"); }

NASL family	CentOS Local Security Checks
NASL id	CENTOS_DOCKER_CVE-2019-5736.NASL
description	An update for runc is now available for CentOS 7 Extras. The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system. (CVE-2019-5736)
last seen	2020-06-01
modified	2020-06-02
plugin id	130262
published	2019-10-25
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/130262
title	Centos 7 : runc
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(130262); script_version("1.1"); script_cvs_date("Date: 2019/10/25 11:11:33"); script_cve_id("CVE-2019-5736"); script_name(english:"Centos 7 : runc"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute(attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute(attribute:"description", value: "An update for runc is now available for CentOS 7 Extras. The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system. (CVE-2019-5736) "); script_set_attribute(attribute:"see_also", value:"https://cbs.centos.org/koji/buildinfo?buildID=25136"); script_set_attribute(attribute:"see_also", value:"https://cbs.centos.org/koji/buildinfo?buildID=25171"); # https://www.docker.com/blog/docker-security-update-cve-2018-5736-and-container-security-best-practices/ script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?122b4713"); script_set_attribute(attribute:"solution", value:"Update the affected runc, docker, and / or docker-ce packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-5736"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:runc"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/11"); script_set_attribute(attribute:"patch_publication_date", value:"2019/02/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) \|\| "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"docker-ce-18.09.2-3.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"docker-1.13.1-92.gitb2f74b2.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"runc-1.0.0-60.dev.git2abd837.el7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "runc / docker-ce"); }

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-252.NASL
description	This update for docker-runc fixes the following issues: Security issue fixed : - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967) This update was imported from the SUSE:SLE-15:Update update project.
last seen	2020-06-01
modified	2020-06-02
plugin id	122494
published	2019-02-28
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122494
title	openSUSE Security Update : docker-runc (openSUSE-2019-252)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2019-252. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(122494); script_version("1.2"); script_cvs_date("Date: 2019/04/02 21:54:17"); script_cve_id("CVE-2019-5736"); script_name(english:"openSUSE Security Update : docker-runc (openSUSE-2019-252)"); script_summary(english:"Check for the openSUSE-2019-252 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for docker-runc fixes the following issues: Security issue fixed : - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967) This update was imported from the SUSE:SLE-15:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1121967" ); script_set_attribute( attribute:"solution", value:"Update the affected docker-runc packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc-test"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/11"); script_set_attribute(attribute:"patch_publication_date", value:"2019/02/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/28"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.0", reference:"docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.7.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-runc-debuginfo-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.7.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.7.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "docker-runc / docker-runc-debuginfo / docker-runc-test"); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2019-352D4B9CD8.NASL
description	CVE-2019-5736 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	122277
published	2019-02-19
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122277
title	Fedora 29 : moby-engine (2019-352d4b9cd8)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2019-352d4b9cd8. # include("compat.inc"); if (description) { script_id(122277); script_version("1.4"); script_cvs_date("Date: 2019/09/23 11:21:10"); script_cve_id("CVE-2019-5736"); script_xref(name:"FEDORA", value:"2019-352d4b9cd8"); script_name(english:"Fedora 29 : moby-engine (2019-352d4b9cd8)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "CVE-2019-5736 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-352d4b9cd8" ); script_set_attribute( attribute:"solution", value:"Update the affected moby-engine package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:moby-engine"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/11"); script_set_attribute(attribute:"patch_publication_date", value:"2019/02/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/19"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^29([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC29", reference:"moby-engine-18.06.0-2.ce.git0ffa825.fc29")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "moby-engine"); }

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-1499.NASL
description	This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues : Security issues fixed : - CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967). - CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013). - CVE-2018-16873: go secuirty release, fixing cmd/go remote command execution (bsc#1118897). - CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898). - CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899). Other changes and bug fixes : - Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068). - docker-test: Improvements to test packaging (bsc#1128746). - Move daemon.json file to /etc/docker directory (bsc#1114832). - Revert golang(API) removal since it turns out this breaks >= requires in certain cases (bsc#1114209). - Fix go build failures (bsc#1121397). This update was imported from the SUSE:SLE-15:Update update project.
last seen	2020-06-01
modified	2020-06-02
plugin id	125697
published	2019-06-04
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/125697
title	openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-1499)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2019-1499. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(125697); script_version("1.2"); script_cvs_date("Date: 2019/06/07 9:45:02"); script_cve_id("CVE-2018-16873", "CVE-2018-16874", "CVE-2018-16875", "CVE-2019-5736", "CVE-2019-6486"); script_name(english:"openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-1499)"); script_summary(english:"Check for the openSUSE-2019-1499 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues : Security issues fixed : - CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967). - CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013). - CVE-2018-16873: go secuirty release, fixing cmd/go remote command execution (bsc#1118897). - CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898). - CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899). Other changes and bug fixes : - Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068). - docker-test: Improvements to test packaging (bsc#1128746). - Move daemon.json file to /etc/docker directory (bsc#1114832). - Revert golang(API) removal since it turns out this breaks >= requires in certain cases (bsc#1114209). - Fix go build failures (bsc#1121397). This update was imported from the SUSE:SLE-15:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114209" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114832" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118897" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118898" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118899" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1121397" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1121967" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1123013" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1128376" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1128746" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1134068" ); script_set_attribute( attribute:"solution", value:"Update the affected containerd / docker / docker-runc / etc packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:containerd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:containerd-ctr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:containerd-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-bash-completion"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-libnetwork"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-libnetwork-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-runc-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-test-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:docker-zsh-completion"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:go"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:go-race"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:go1.11"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:go1.11-race"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:go1.12"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:go1.12-race"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:golang-github-docker-libnetwork"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/14"); script_set_attribute(attribute:"patch_publication_date", value:"2019/06/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/04"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.0", reference:"containerd-test-1.2.5-lp150.4.14.3") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-bash-completion-18.09.6_ce-lp150.5.17.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"docker-zsh-completion-18.09.6_ce-lp150.5.17.2") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"go-1.12-lp150.2.11.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"containerd-1.2.5-lp150.4.14.3") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"containerd-ctr-1.2.5-lp150.4.14.3") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"docker-18.09.6_ce-lp150.5.17.2") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"docker-debuginfo-18.09.6_ce-lp150.5.17.2") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"docker-debugsource-18.09.6_ce-lp150.5.17.2") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"docker-libnetwork-debuginfo-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"docker-runc-debuginfo-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"docker-test-18.09.6_ce-lp150.5.17.2") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"docker-test-debuginfo-18.09.6_ce-lp150.5.17.2") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"go-race-1.12-lp150.2.11.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"go1.11-1.11.9-lp150.9.3") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"go1.11-race-1.11.9-lp150.9.3") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"go1.12-1.12.4-lp150.2.2") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"go1.12-race-1.12.4-lp150.2.2") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "containerd / containerd-ctr / containerd-test / docker-runc / etc"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-0362-1.NASL
description	This update for docker-runc fixes the following issues : Security issue fixed : CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	122182
published	2019-02-14
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122182
title	SUSE SLES15 Security Update : docker-runc (SUSE-SU-2019:0362-1)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-2245.NASL
description	This update for lxc fixes the following issues : Update to lxc 3.2.1. The changelog can be found at https://discuss.linuxcontainers.org/t/lxc-3-2-1-has-been-released/5322 + seccomp: support syscall forwarding to userspace + add lxc.seccomp.allow_nesting + pidfd: Add initial support for the new pidfd api - Many hardening improvements. - Use /sys/kernel/cgroup/delegate file for cgroup v2. - Fix CVE-2019-5736 equivalent bug. - fix apparmor dropin to be compatible with LXC 3.1.0 (boo#1131762)
last seen	2020-06-01
modified	2020-06-02
plugin id	129580
published	2019-10-04
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/129580
title	openSUSE Security Update : lxc (openSUSE-2019-2245)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2019-2BAA1F7B19.NASL
description	Update LXC to version 3.0.4. The release announcement can be found [here](https://discuss.linuxcontainers.org/t/lxc-3-0-4-has-been-releas ed/5080). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	128564
published	2019-09-09
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/128564
title	Fedora 30 : lxc / lxcfs / python3-lxc (2019-2baa1f7b19)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-2117-1.NASL
description	This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues : Docker : CVE-2019-14271: Fixed a code injection if the nsswitch facility dynamically loaded a library inside a chroot (bsc#1143409). CVE-2019-13509: Fixed an information leak in the debug log (bsc#1142160). Update to version 19.03.1-ce, see changelog at /usr/share/doc/packages/docker/CHANGELOG.md (bsc#1142413, bsc#1139649). runc: Use %config(noreplace) for /etc/docker/daemon.json (bsc#1138920). Update to runc 425e105d5a03, which is required by Docker (bsc#1139649). containerd: CVE-2019-5736: Fixed a container breakout vulnerability (bsc#1121967). Update to containerd v1.2.6, which is required by docker (bsc#1139649). golang-github-docker-libnetwork: Update to version git.fc5a7d91d54cc98f64fc28f9e288b46a0bee756c, which is required by docker (bsc#1142413, bsc#1139649). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	127884
published	2019-08-14
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/127884
title	SUSE SLED15 / SLES15 Security Update : containerd, docker, docker-runc, golang-github-docker-libnetwork (SUSE-SU-2019:2117-1)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2019-963EA958F9.NASL
description	Security fix for CVE-2019-5736 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	122356
published	2019-02-21
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122356
title	Fedora 28 : 2:runc (2019-963ea958f9)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2019-FD9345F44A.NASL
description	Update to 1.2.3 Fixes security vulnerability related to CVE-2019-5736. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	122139
published	2019-02-13
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122139
title	Fedora 29 : flatpak (2019-fd9345f44a)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2019-DF2E68AA6B.NASL
description	Security fix for CVE-2019-5736 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	122199
published	2019-02-15
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122199
title	Fedora 29 : 2:docker (2019-df2e68aa6b)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2019-3F19F13ECD.NASL
description	Security fix for CVE-2019-5736 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	122197
published	2019-02-15
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122197
title	Fedora 29 : 2:runc (2019-3f19f13ecd)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-1444.NASL
description	This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues : Security issues fixed : - CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967). - CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013). - CVE-2018-16873: go secuirty release, fixing cmd/go remote command execution (bsc#1118897). - CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898). - CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899). Other changes and bug fixes : - Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068). - Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068). - docker-test: Improvements to test packaging (bsc#1128746). - Move daemon.json file to /etc/docker directory (bsc#1114832). - Revert golang(API) removal since it turns out this breaks >= requires in certain cases (bsc#1114209). - Fix go build failures (bsc#1121397). This update was imported from the SUSE:SLE-15:Update update project.
last seen	2020-06-01
modified	2020-06-02
plugin id	125452
published	2019-05-28
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/125452
title	openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-1444)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-0495-1.NASL
description	This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues : Security issues fixed : CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899). CVE-2018-16874: Fixed a vulnerabity in go get command which could allow directory traversal in GOPATH mode (bsc#1118898). CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897). CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967). Other changes and fixes: Update shell completion to use Group: System/Shells. Add daemon.json file with rotation logs configuration (bsc#1114832) Update to Docker 18.09.1-ce (bsc#1124308) and to to runc 96ec2177ae84. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. Update go requirements to >= go1.10 Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429). Remove the usage of
last seen	2020-06-01
modified	2020-06-02
plugin id	122472
published	2019-02-27
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122472
title	SUSE SLED15 / SLES15 Security Update : containerd, docker, docker-runc, golang-github-docker-libnetwork, runc (SUSE-SU-2019:0495-1)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-201.NASL
description	This update for docker-runc fixes the following issues : Security issue fixed : - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967) This update was imported from the SUSE:SLE-12:Update update project.
last seen	2020-06-01
modified	2020-06-02
plugin id	122301
published	2019-02-19
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122301
title	openSUSE Security Update : docker-runc (openSUSE-2019-201)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-1275.NASL
description	This update for lxc, lxcfs to version 3.1.0 fixes the following issues : Security issues fixed : - CVE-2019-5736: Fixed a container breakout vulnerability (boo#1122185). - CVE-2018-6556: Enable setuid bit on lxc-user-nic (boo#988348). Non-security issues fixed : - Update to LXC 3.1.0. The changelog is far too long to include here, please look at https://linuxcontainers.org/. (boo#1131762)
last seen	2020-06-01
modified	2020-06-02
plugin id	124312
published	2019-04-26
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/124312
title	openSUSE Security Update : lxc / lxcfs (openSUSE-2019-1275)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2019-BC70B381AD.NASL
description	This runc version should fix the keycreate issues on SELinux disabled machines. ---- Latest upstream Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	124575
published	2019-05-03
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/124575
title	Fedora 30 : 2:runc (2019-bc70b381ad)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2019-F455EF79B8.NASL
description	Security fix for CVE-2019-5736 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	122358
published	2019-02-21
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122358
title	Fedora 28 : 2:docker (2019-f455ef79b8)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2019-0304.NASL
description	An update for docker is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Docker is an open source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that runs virtually anywhere. Security Fix(es) : * A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system. (CVE-2019-5736) Additional details about this flaw, including mitigation information, can be found in the vulnerability article linked from the Reference section. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen	2020-06-01
modified	2020-06-02
plugin id	122111
published	2019-02-12
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122111
title	RHEL 7 : docker (RHSA-2019:0304)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2019-0975.NASL
description	An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es) : * A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system. (CVE-2019-5736) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * [stream rhel8] rebase container-selinux to 2.94 (BZ#1693675) * [stream rhel8] unable to mount disk at `/var/lib/containers` via `systemd` unit when `container-selinux` policy installed (BZ#1695669) * [stream rhel8] don
last seen	2020-05-23
modified	2019-05-07
plugin id	124666
published	2019-05-07
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/124666
title	RHEL 8 : container-tools:rhel8 (RHSA-2019:0975)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-208.NASL
description	This update for runc fixes the following issues : Security vulnerablities addressed : - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967) - CVE-2018-16873: Fix a remote command execution during
last seen	2020-06-01
modified	2020-06-02
plugin id	122338
published	2019-02-20
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122338
title	openSUSE Security Update : runc (openSUSE-2019-208)

NASL family	Misc.
NASL id	RANCHEROS_1_5_1.NASL
description	The remote host is running a version of RancherOS prior to v1.5.1, hences it is vulnerable to a Local Command Execution Vulnerability. Opencontainers runc is prone to a local command-execution vulnerability. A local attacker can exploit this issue to execute arbitrary commands with root privileges. runc through 1.0-rc6 are vulnerable.
last seen	2020-06-01
modified	2020-06-02
plugin id	132255
published	2019-12-19
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/132255
title	Security Updates for RancherOS Local Command Execution Vulnerability

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2019-0303.NASL
description	An update for runc is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. Security Fix(es) : * A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system. (CVE-2019-5736) Additional details about this flaw, including mitigation information, can be found in the vulnerability article linked from the Reference section. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen	2020-06-01
modified	2020-06-02
plugin id	122110
published	2019-02-12
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122110
title	RHEL 7 : runc (RHSA-2019:0303)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2019-0975.NASL
description	From Red Hat Security Advisory 2019:0975 : An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es) : * A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system. (CVE-2019-5736) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * [stream rhel8] rebase container-selinux to 2.94 (BZ#1693675) * [stream rhel8] unable to mount disk at `/var/lib/containers` via `systemd` unit when `container-selinux` policy installed (BZ#1695669) * [stream rhel8] don
last seen	2020-06-01
modified	2020-06-02
plugin id	127569
published	2019-08-12
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/127569
title	Oracle Linux 8 : container-tools:rhel8 (ELSA-2019-0975)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-2021.NASL
description	This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues : Docker : - CVE-2019-14271: Fixed a code injection if the nsswitch facility dynamically loaded a library inside a chroot (bsc#1143409). - CVE-2019-13509: Fixed an information leak in the debug log (bsc#1142160). - Update to version 19.03.1-ce, see changelog at /usr/share/doc/packages/docker/CHANGELOG.md (bsc#1142413, bsc#1139649). runc : - Use %config(noreplace) for /etc/docker/daemon.json (bsc#1138920). - Update to runc 425e105d5a03, which is required by Docker (bsc#1139649). containerd : - CVE-2019-5736: Fixed a container breakout vulnerability (bsc#1121967). - Update to containerd v1.2.6, which is required by docker (bsc#1139649). golang-github-docker-libnetwork : - Update to version git.fc5a7d91d54cc98f64fc28f9e288b46a0bee756c, which is required by docker (bsc#1142413, bsc#1139649). This update was imported from the SUSE:SLE-15:Update update project.
last seen	2020-06-01
modified	2020-06-02
plugin id	128409
published	2019-08-30
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/128409
title	openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-2021)

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2019-1156.NASL
description	A vulnerability was discovered in runc, which is used by Docker to run containers. runc did not prevent container processes from modifying the runc binary via /proc/self/exe. A malicious container could replace the runc binary, resulting in container escape and privilege escalation. This was fixed by creating a per-container copy of runc.(CVE-2019-5736)
last seen	2020-06-01
modified	2020-06-02
plugin id	122096
published	2019-02-12
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122096
title	Amazon Linux AMI : docker (ALAS-2019-1156)

NASL family	Virtuozzo Local Security Checks
NASL id	VIRTUOZZO_VZA-2019-008.NASL
description	According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerability : - It was discovered that a malicious user logged in to a Virtuozzo container could potentially overwrite the
last seen	2020-06-01
modified	2020-06-02
plugin id	133452
published	2020-02-04
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/133452
title	Virtuozzo 7 : readykernel-patch (VZA-2019-008)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2019-829524F28F.NASL
description	CVE-2019-5736 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	122283
published	2019-02-19
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122283
title	Fedora 28 : moby-engine (2019-829524f28f)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-1234-2.NASL
description	This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues : Security issues fixed : CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967). CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013). CVE-2018-16873: go secuirty release, fixing cmd/go remote command execution (bsc#1118897). CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898). CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899). Other changes and bug fixes: Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068). Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068). Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068). docker-test: Improvements to test packaging (bsc#1128746). Move daemon.json file to /etc/docker directory (bsc#1114832). Revert golang(API) removal since it turns out this breaks >= requires in certain cases (bsc#1114209). Fix go build failures (bsc#1121397). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	125920
published	2019-06-14
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/125920
title	SUSE SLED15 / SLES15 Security Update : containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork (SUSE-SU-2019:1234-2)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-202003-21.NASL
description	The remote host is affected by the vulnerability described in GLSA-202003-21 (runC: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in runC. Please review the CVE identifiers referenced below for details. Impact : An attacker, by running a malicious Docker image, could escape the container, bypass security restrictions, escalate privileges or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
last seen	2020-03-19
modified	2020-03-16
plugin id	134598
published	2020-03-16
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134598
title	GLSA-202003-21 : runC: Multiple vulnerabilities

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-1074.NASL
description	According to the version of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system. (CVE-2019-5736) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-06
modified	2019-03-08
plugin id	122697
published	2019-03-08
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122697
title	EulerOS 2.0 SP5 : docker-engine (EulerOS-SA-2019-1074)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-1079.NASL
description	This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues : Security issues fixed : - CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899). - CVE-2018-16874: Fixed a vulnerabity in go get command which could allow directory traversal in GOPATH mode (bsc#1118898). - CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897). - CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container breakout (bsc#1121967). Other changes and bug fixes : - Update shell completion to use Group: System/Shells. - Add daemon.json file with rotation logs configuration (bsc#1114832) - Update to Docker 18.09.1-ce (bsc#1124308) and to to runc 96ec2177ae84. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. - Disable leap based builds for kubic flavor (bsc#1121412). - Allow users to explicitly specify the NIS domain name of a container (bsc#1001161). - Update docker.service to match upstream and avoid rlimit problems (bsc#1112980). - Update go requirements to >= go1.10 - Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429). - Remove the usage of
last seen	2020-06-01
modified	2020-06-02
plugin id	123542
published	2019-04-01
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/123542
title	openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-1079)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2019-0408.NASL
description	An update is now available for Red Hat OpenShift Container Platform 3.4, 3.5, 3.6, and 3.7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat
last seen	2020-06-01
modified	2020-06-02
plugin id	122442
published	2019-02-26
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122442
title	RHEL 7 : OpenShift Container Platform 3.4, 3.5, 3.6, and 3.7 (RHSA-2019:0408)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2019-4DC1E39B34.NASL
description	Resolves: #1664908, #1676798 - Security fix for CVE-2019-5736 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	122408
published	2019-02-25
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122408
title	Fedora 29 : 2:docker-latest (2019-4dc1e39b34)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-1481.NASL
description	This update for lxc, lxcfs to version 3.1.0 fixes the following issues : Security issues fixed : - CVE-2019-5736: Fixed a container breakout vulnerability (boo#1122185). - CVE-2018-6556: Enable setuid bit on lxc-user-nic (boo#988348). Non-security issues fixed : - Update to LXC 3.1.0. The changelog is far too long to include here, please look at https://linuxcontainers.org/. (boo#1131762)
last seen	2020-06-01
modified	2020-06-02
plugin id	125668
published	2019-06-03
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/125668
title	openSUSE Security Update : lxc / lxcfs (openSUSE-2019-1481)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-1061.NASL
description	According to the version of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system. (CVE-2019-5736) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-06
modified	2019-02-22
plugin id	122388
published	2019-02-22
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122388
title	EulerOS 2.0 SP2 : docker-engine (EulerOS-SA-2019-1061)

Redhat

advisories

bugzilla

id	1695689
title	[stream rhel8] don't allow a container to connect to random services

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 8 is installed
oval oval:com.redhat.rhba:tst:20193384074
comment Module container-tools:rhel8 is enabled
oval oval:com.redhat.rhsa:tst:20190975043

AND

comment slirp4netns-debugsource is earlier than 0:0.1-2.dev.gitc4e1bc5.module+el8.0.0+2958+4e823551
oval oval:com.redhat.rhsa:tst:20190975001
comment slirp4netns-debugsource is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20190975002

AND

comment slirp4netns is earlier than 0:0.1-2.dev.gitc4e1bc5.module+el8.0.0+2958+4e823551
oval oval:com.redhat.rhsa:tst:20190975003
comment slirp4netns is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20190975004

AND

comment skopeo-debugsource is earlier than 1:0.1.32-3.git1715c90.module+el8.0.0+2958+4e823551
oval oval:com.redhat.rhsa:tst:20190975005
comment skopeo-debugsource is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20190975006

AND

comment skopeo is earlier than 1:0.1.32-3.git1715c90.module+el8.0.0+2958+4e823551
oval oval:com.redhat.rhsa:tst:20190975007
comment skopeo is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20190975008

AND

comment runc-debugsource is earlier than 0:1.0.0-55.rc5.dev.git2abd837.module+el8.0.0+3049+59fd2bba
oval oval:com.redhat.rhsa:tst:20190975009
comment runc-debugsource is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20190975010

AND

comment runc is earlier than 0:1.0.0-55.rc5.dev.git2abd837.module+el8.0.0+3049+59fd2bba
oval oval:com.redhat.rhsa:tst:20190975011
comment runc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20190975012

AND

comment podman-debugsource is earlier than 0:1.0.0-2.git921f98f.module+el8.0.0+2958+4e823551
oval oval:com.redhat.rhsa:tst:20190975013
comment podman-debugsource is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20190975014

AND

comment podman is earlier than 0:1.0.0-2.git921f98f.module+el8.0.0+2958+4e823551
oval oval:com.redhat.rhsa:tst:20190975015
comment podman is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20190975016

AND

comment oci-umount-debugsource is earlier than 2:2.3.4-2.git87f9237.module+el8.0.0+2958+4e823551
oval oval:com.redhat.rhsa:tst:20190975017
comment oci-umount-debugsource is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20190975018

AND

comment oci-umount is earlier than 2:2.3.4-2.git87f9237.module+el8.0.0+2958+4e823551
oval oval:com.redhat.rhsa:tst:20190975019
comment oci-umount is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20190975020

AND

comment oci-systemd-hook-debugsource is earlier than 1:0.1.15-2.git2d0b8a3.module+el8.0.0+2958+4e823551
oval oval:com.redhat.rhsa:tst:20190975021
comment oci-systemd-hook-debugsource is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20190975022

AND

comment oci-systemd-hook is earlier than 1:0.1.15-2.git2d0b8a3.module+el8.0.0+2958+4e823551
oval oval:com.redhat.rhsa:tst:20190975023
comment oci-systemd-hook is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20190975024

AND

comment fuse-overlayfs-debugsource is earlier than 0:0.3-2.module+el8.0.0+2958+4e823551
oval oval:com.redhat.rhsa:tst:20190975025
comment fuse-overlayfs-debugsource is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20190975026

AND

comment fuse-overlayfs is earlier than 0:0.3-2.module+el8.0.0+2958+4e823551
oval oval:com.redhat.rhsa:tst:20190975027
comment fuse-overlayfs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20190975028

AND

comment containers-common is earlier than 1:0.1.32-3.git1715c90.module+el8.0.0+2958+4e823551
oval oval:com.redhat.rhsa:tst:20190975029
comment containers-common is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20190975030

AND

comment containernetworking-plugins-debugsource is earlier than 0:0.7.4-3.git9ebe139.module+el8.0.0+2958+4e823551
oval oval:com.redhat.rhsa:tst:20190975031
comment containernetworking-plugins-debugsource is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20190975032

AND

comment containernetworking-plugins is earlier than 0:0.7.4-3.git9ebe139.module+el8.0.0+2958+4e823551
oval oval:com.redhat.rhsa:tst:20190975033
comment containernetworking-plugins is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20190975034

AND

comment buildah-debugsource is earlier than 0:1.5-3.gite94b4f9.module+el8.0.0+2958+4e823551
oval oval:com.redhat.rhsa:tst:20190975035
comment buildah-debugsource is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20190975036

AND

comment buildah is earlier than 0:1.5-3.gite94b4f9.module+el8.0.0+2958+4e823551
oval oval:com.redhat.rhsa:tst:20190975037
comment buildah is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20190975038

AND

comment podman-docker is earlier than 0:1.0.0-2.git921f98f.module+el8.0.0+2958+4e823551
oval oval:com.redhat.rhsa:tst:20190975039
comment podman-docker is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20190975040

AND

comment container-selinux is earlier than 2:2.94-1.git1e99f1d.module+el8.0.0+2958+4e823551
oval oval:com.redhat.rhsa:tst:20190975041
comment container-selinux is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20190975042

rhsa

id	RHSA-2019:0975
released	2019-05-07
severity	Important
title	RHSA-2019:0975: container-tools:rhel8 security and bug fix update (Important)

rhsa
id RHSA-2019:0303
rhsa
id RHSA-2019:0304
rhsa
id RHSA-2019:0401
rhsa
id RHSA-2019:0408

rpms

runc-0:1.0.0-59.dev.git2abd837.el7
runc-debuginfo-0:1.0.0-59.dev.git2abd837.el7
docker-2:1.13.1-91.git07f3374.el7
docker-client-2:1.13.1-91.git07f3374.el7
docker-common-2:1.13.1-91.git07f3374.el7
docker-debuginfo-2:1.13.1-91.git07f3374.el7
docker-logrotate-2:1.13.1-91.git07f3374.el7
docker-lvm-plugin-2:1.13.1-91.git07f3374.el7
docker-novolume-plugin-2:1.13.1-91.git07f3374.el7
docker-rhel-push-plugin-2:1.13.1-91.git07f3374.el7
docker-v1.10-migrator-2:1.13.1-91.git07f3374.el7
docker-2:1.12.6-79.git5680db5.el7
docker-client-2:1.12.6-79.git5680db5.el7
docker-common-2:1.12.6-79.git5680db5.el7
docker-debuginfo-2:1.12.6-79.git5680db5.el7
docker-logrotate-2:1.12.6-79.git5680db5.el7
docker-lvm-plugin-2:1.12.6-79.git5680db5.el7
docker-novolume-plugin-2:1.12.6-79.git5680db5.el7
docker-rhel-push-plugin-2:1.12.6-79.git5680db5.el7
docker-unit-test-2:1.12.6-79.git5680db5.el7
docker-v1.10-migrator-2:1.12.6-79.git5680db5.el7
buildah-0:1.5-3.gite94b4f9.module+el8.0.0+2958+4e823551
buildah-debuginfo-0:1.5-3.gite94b4f9.module+el8.0.0+2958+4e823551
buildah-debugsource-0:1.5-3.gite94b4f9.module+el8.0.0+2958+4e823551
container-selinux-2:2.94-1.git1e99f1d.module+el8.0.0+2958+4e823551
containernetworking-plugins-0:0.7.4-3.git9ebe139.module+el8.0.0+2958+4e823551
containernetworking-plugins-debuginfo-0:0.7.4-3.git9ebe139.module+el8.0.0+2958+4e823551
containernetworking-plugins-debugsource-0:0.7.4-3.git9ebe139.module+el8.0.0+2958+4e823551
containers-common-1:0.1.32-3.git1715c90.module+el8.0.0+2958+4e823551
fuse-overlayfs-0:0.3-2.module+el8.0.0+2958+4e823551
fuse-overlayfs-debuginfo-0:0.3-2.module+el8.0.0+2958+4e823551
fuse-overlayfs-debugsource-0:0.3-2.module+el8.0.0+2958+4e823551
oci-systemd-hook-1:0.1.15-2.git2d0b8a3.module+el8.0.0+2958+4e823551
oci-systemd-hook-debuginfo-1:0.1.15-2.git2d0b8a3.module+el8.0.0+2958+4e823551
oci-systemd-hook-debugsource-1:0.1.15-2.git2d0b8a3.module+el8.0.0+2958+4e823551
oci-umount-2:2.3.4-2.git87f9237.module+el8.0.0+2958+4e823551
oci-umount-debuginfo-2:2.3.4-2.git87f9237.module+el8.0.0+2958+4e823551
oci-umount-debugsource-2:2.3.4-2.git87f9237.module+el8.0.0+2958+4e823551
podman-0:1.0.0-2.git921f98f.module+el8.0.0+2958+4e823551
podman-debuginfo-0:1.0.0-2.git921f98f.module+el8.0.0+2958+4e823551
podman-debugsource-0:1.0.0-2.git921f98f.module+el8.0.0+2958+4e823551
podman-docker-0:1.0.0-2.git921f98f.module+el8.0.0+2958+4e823551
runc-0:1.0.0-55.rc5.dev.git2abd837.module+el8.0.0+3049+59fd2bba
runc-debuginfo-0:1.0.0-55.rc5.dev.git2abd837.module+el8.0.0+3049+59fd2bba
runc-debugsource-0:1.0.0-55.rc5.dev.git2abd837.module+el8.0.0+3049+59fd2bba
skopeo-1:0.1.32-3.git1715c90.module+el8.0.0+2958+4e823551
skopeo-debuginfo-1:0.1.32-3.git1715c90.module+el8.0.0+2958+4e823551
skopeo-debugsource-1:0.1.32-3.git1715c90.module+el8.0.0+2958+4e823551
slirp4netns-0:0.1-2.dev.gitc4e1bc5.module+el8.0.0+2958+4e823551
slirp4netns-debuginfo-0:0.1-2.dev.gitc4e1bc5.module+el8.0.0+2958+4e823551
slirp4netns-debugsource-0:0.1-2.dev.gitc4e1bc5.module+el8.0.0+2958+4e823551

The Hacker News

id	THN:B0FC327500C590C565FC4F46D8DCDD34
last seen	2019-02-12
modified	2019-02-12
published	2019-02-12
reporter	The Hacker News
source	https://thehackernews.com/2019/02/linux-container-runc-docker.html
title	RunC Flaw Lets Attackers Escape Linux Containers to Gain Root on Hosts

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit-Db

Nessus

Redhat

The Hacker News

Related news

References