CVE-2019-5736

Published Feb 11, 2019
Last updated a year ago
CVSS high 8.6
Overview

Description: runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
Source: cve@mitre.org
NVD status: Modified
Risk scores

CVSS 3.1

Type: Primary
Base score: 8.6
Impact score: 6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Severity: HIGH
CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C
Weaknesses

nvd@nist.gov: CWE-78
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A367C4FA-18DF-402F-B120-254B35F73BD1",
            "versionEndExcluding": "18.09.2"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D522E8C1-E7F0-4A3D-AF68-6D962944A0E5",
            "versionEndIncluding": "0.1.1"
          },
          {
            "criteria": "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "949172CC-EBB5-47F6-B987-207C802EED0F"
          },
          {
            "criteria": "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6D87B50-2849-4F4D-A0F9-4F7EBA3C2647"
          },
          {
            "criteria": "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E580E25-F94C-4DA4-8718-15D5F1C3ADAF"
          },
          {
            "criteria": "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD565CE0-D9E9-4FD9-8998-8AC55030FAB7"
          },
          {
            "criteria": "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "093326B1-448C-4E3B-886D-CAC8B6813BFF"
          },
          {
            "criteria": "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F672C421-789D-4F21-B483-DA3EB251BA1D"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:container_development_kit:3.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48FAFDE5-1E73-4874-8F2E-3C74B1955096"
          },
          {
            "criteria": "cpe:2.3:a:redhat:openshift:3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "785C0A0D-5FF3-43D5-B89F-DCB2D6FDE310"
          },
          {
            "criteria": "cpe:2.3:a:redhat:openshift:3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9955945-7509-4542-BF83-B7BA0B4D8D05"
          },
          {
            "criteria": "cpe:2.3:a:redhat:openshift:3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A52F7AE1-754D-4EE1-8EC1-7765292B4C2D"
          },
          {
            "criteria": "cpe:2.3:a:redhat:openshift:3.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55349BC5-90EC-4954-8CEB-3C37D34742C4"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:google:kubernetes_engine:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C2EB454-D0C9-47FC-B727-1D61A8811967"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1AF77BB2-6F7A-408A-9F54-60F1F53B3709",
            "versionEndExcluding": "3.2.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:hp:onesphere:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41FF9E5A-7BD1-477E-9875-8525FD87B13F"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953"
          },
          {
            "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA0695E0-954A-4533-9D93-58257E9EA6D5",
            "versionEndExcluding": "1.4.3",
            "versionStartIncluding": "1.4.0"
          },
          {
            "criteria": "cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B51B8DF0-FCE4-42A7-A582-0476226C6188",
            "versionEndExcluding": "1.5.3",
            "versionStartIncluding": "1.5.0"
          },
          {
            "criteria": "cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "01878119-E05A-469B-B49D-5D19082CED28",
            "versionEndExcluding": "1.6.2",
            "versionStartIncluding": "1.6.0"
          },
          {
            "criteria": "cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1AB1BB7C-46A1-4676-9D15-D75EC1E4594C",
            "versionEndExcluding": "1.7.2",
            "versionStartIncluding": "1.7.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D83DA865-E4A6-4FBF-AA1B-A969EBA6B2AD"
          },
          {
            "criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40513095-7E6E-46B3-B604-C926F1BA3568"
          },
          {
            "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9"
          },
          {
            "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493"
          },
          {
            "criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:d2iq:kubernetes_engine:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "632B24FA-F2D6-42B0-87C7-7F142E15EFC7",
            "versionEndExcluding": "2.2.0-1.13.3"
          },
          {
            "criteria": "cpe:2.3:o:d2iq:dc\\/os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0AD20FA7-737F-47C0-B2AC-735438253AA9",
            "versionEndExcluding": "1.10.10"
          },
          {
            "criteria": "cpe:2.3:o:d2iq:dc\\/os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E5AE03E-3AC4-4439-9D0D-45E097B2552C",
            "versionEndExcluding": "1.11.9",
            "versionStartIncluding": "1.10.11"
          },
          {
            "criteria": "cpe:2.3:o:d2iq:dc\\/os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2F3078E-08E0-4C76-A7A3-A93B953BEDD5",
            "versionEndExcluding": "1.12.1",
            "versionStartIncluding": "1.11.10"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microfocus:service_management_automation:2018.02:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2DCFB2E7-D769-4365-9B99-952907563749"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:service_management_automation:2018.05:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3909E337-F1FC-45C8-A120-EEBDBFB0E4D0"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:service_management_automation:2018.08:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "934D6CB3-E159-40F4-8E5B-CDDDD824CAA0"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:service_management_automation:2018.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "82C0FD9D-6117-40DE-9386-7327867F9615"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
