CVE-2019-5736
Published Feb 11, 2019
Last updated 9 months ago
Overview
- Description
- runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.6
- Impact score
- 6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 9.3
- Impact score
- 10
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
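- CWE-78 (Improper Neutralization of Special Elements used in an OS Command, "OS Command Injection"). This is the classification assigned by nvd@nist.gov; note that the description above attributes the root cause to file-descriptor mishandling related to /proc/self/exe.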
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A367C4FA-18DF-402F-B120-254B35F73BD1", "versionEndExcluding": "18.09.2" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D522E8C1-E7F0-4A3D-AF68-6D962944A0E5", "versionEndIncluding": "0.1.1" }, { "criteria": "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "949172CC-EBB5-47F6-B987-207C802EED0F" }, { "criteria": "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6D87B50-2849-4F4D-A0F9-4F7EBA3C2647" }, { "criteria": "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E580E25-F94C-4DA4-8718-15D5F1C3ADAF" }, { "criteria": "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD565CE0-D9E9-4FD9-8998-8AC55030FAB7" }, { "criteria": "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "093326B1-448C-4E3B-886D-CAC8B6813BFF" }, { "criteria": "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F672C421-789D-4F21-B483-DA3EB251BA1D" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:container_development_kit:3.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48FAFDE5-1E73-4874-8F2E-3C74B1955096" }, { "criteria": "cpe:2.3:a:redhat:openshift:3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "785C0A0D-5FF3-43D5-B89F-DCB2D6FDE310" }, { "criteria": "cpe:2.3:a:redhat:openshift:3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9955945-7509-4542-BF83-B7BA0B4D8D05" }, { "criteria": "cpe:2.3:a:redhat:openshift:3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": 
"A52F7AE1-754D-4EE1-8EC1-7765292B4C2D" }, { "criteria": "cpe:2.3:a:redhat:openshift:3.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55349BC5-90EC-4954-8CEB-3C37D34742C4" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:google:kubernetes_engine:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C2EB454-D0C9-47FC-B727-1D61A8811967" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1AF77BB2-6F7A-408A-9F54-60F1F53B3709", "versionEndExcluding": "3.2.0" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:hp:onesphere:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41FF9E5A-7BD1-477E-9875-8525FD87B13F" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953" }, { "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA0695E0-954A-4533-9D93-58257E9EA6D5", "versionEndExcluding": "1.4.3", "versionStartIncluding": "1.4.0" }, { "criteria": "cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B51B8DF0-FCE4-42A7-A582-0476226C6188", "versionEndExcluding": "1.5.3", 
"versionStartIncluding": "1.5.0" }, { "criteria": "cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01878119-E05A-469B-B49D-5D19082CED28", "versionEndExcluding": "1.6.2", "versionStartIncluding": "1.6.0" }, { "criteria": "cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1AB1BB7C-46A1-4676-9D15-D75EC1E4594C", "versionEndExcluding": "1.7.2", "versionStartIncluding": "1.7.0" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D83DA865-E4A6-4FBF-AA1B-A969EBA6B2AD" }, { "criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40513095-7E6E-46B3-B604-C926F1BA3568" }, { "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9" }, { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493" }, { "criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:d2iq:kubernetes_engine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "632B24FA-F2D6-42B0-87C7-7F142E15EFC7", "versionEndExcluding": "2.2.0-1.13.3" }, { "criteria": "cpe:2.3:o:d2iq:dc\\/os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0AD20FA7-737F-47C0-B2AC-735438253AA9", "versionEndExcluding": "1.10.10" }, { "criteria": "cpe:2.3:o:d2iq:dc\\/os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E5AE03E-3AC4-4439-9D0D-45E097B2552C", "versionEndExcluding": "1.11.9", "versionStartIncluding": "1.10.11" }, { "criteria": "cpe:2.3:o:d2iq:dc\\/os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": 
"E2F3078E-08E0-4C76-A7A3-A93B953BEDD5", "versionEndExcluding": "1.12.1", "versionStartIncluding": "1.11.10" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419" }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B" }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D" }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F" }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:microfocus:service_management_automation:2018.02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DCFB2E7-D769-4365-9B99-952907563749" }, { "criteria": "cpe:2.3:a:microfocus:service_management_automation:2018.05:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3909E337-F1FC-45C8-A120-EEBDBFB0E4D0" }, { "criteria": "cpe:2.3:a:microfocus:service_management_automation:2018.08:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "934D6CB3-E159-40F4-8E5B-CDDDD824CAA0" }, { "criteria": "cpe:2.3:a:microfocus:service_management_automation:2018.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82C0FD9D-6117-40DE-9386-7327867F9615" } ], "operator": "OR" } ] } ]