
cv-announce-l - [cv-announce-l] Docker / runc Privilege Escalation (CVE-2019-5736)


cv-announce-l@list.iu.edu

Subject: cv alerts list

  • From: Andrew K Adams <akadams@psc.edu>
  • To: cv-announce@trustedci.org
  • Cc: "Andrew K. Adams" <akadams@psc.edu>
  • Subject: [cv-announce-l] Docker / runc Privilege Escalation (CVE-2019-5736)
  • Date: Tue, 12 Feb 2019 14:45:28 -0500

CI Operators:


A file-descriptor mishandling issue was found with ‘runc’ which can allow a user to overwrite the host runc binary[1][2][3].  ‘runc’ is used by Docker (before v18.09.2) and other container runtimes.


Impact:

On systems that do *not* have SELinux enabled in ‘enforcing’ mode, a malicious actor could escalate their privilege on the host system.


Affected Software:

* runc through 1.0-rc6

* docker-1.12 from RHEL7


Recommendation:

Apply the latest patch to Docker, or to runc (if using a different container runtime).


References:

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736

[2] https://access.redhat.com/security/cve/cve-2019-5736

[3] https://access.redhat.com/security/vulnerabilities/runcescape?extIdCarryOver=true&sc_cid=701f2000001OH7JAAW


How Trusted CI can help:

The potential impact of any vulnerability, and therefore the appropriate response, depends in part on operational conditions that are unique to each cyberinfrastructure deployment. Trusted CI cannot provide a one-size-fits-all severity rating and response recommendation for all NSF cyberinfrastructure. Please contact us (http://trustedci.org/help/) if you need assistance with assessing the potential impact of this vulnerability in your environment and/or you have additional information about this issue that should be shared with the community.
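
The affected-version and SELinux conditions stated in the advisory above can be turned into a host triage check. The script below is an added example, not part of the original advisory or of Docker/runc; the inventory rows are constructed, and the `none` placeholder and the verdict names are assumptions of this example.

```shell
#!/bin/sh
# Added example. Thresholds come from the advisory text only; distribution
# packages can carry the fix under an older version string, so treat a hit
# as "check the vendor erratum", not as proof.

# ver_lt A B: succeed when dotted version A is numerically lower than B.
ver_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Docker before 18.09.2 is affected; "none" means Docker is not installed.
docker_affected() {
    [ "$1" != none ] && ver_lt "${1%%-*}" 18.09.2
}

# runc through 1.0-rc6 is affected: any 0.x, or 1.0(.0)-rcN with N <= 6.
runc_affected() {
    [ "$1" = none ] && return 1
    base=${1%%-*}
    ver_lt "$base" 1.0.0 && return 0
    ver_lt 1.0.0 "$base" && return 1
    case $1 in
        *-rc[0-9]*) rc=${1#*-rc}; [ "${rc%%[!0-9]*}" -le 6 ] ;;
        *) return 1 ;;   # 1.0.0 final carries no rc suffix
    esac
}

# triage DOCKER RUNC SELINUX_MODE: print one verdict for the host.
triage() {
    if ! docker_affected "$1" && ! runc_affected "$2"; then
        echo not-affected
    elif [ "$3" = Enforcing ]; then
        echo affected-selinux-enforcing   # still patch
    else
        echo affected-exposed
    fi
}

# Constructed sample inventory (host docker runc getenforce), not real data.
while read -r host d r s; do
    printf '%s\t%s\n' "$host" "$(triage "$d" "$r" "$s")"
done <<'EOF'
node-a 18.09.1 1.0.0-rc6 Disabled
node-b 1.12.6 1.0.0-rc2 Enforcing
node-c 18.09.2 1.0.0-rc7 Permissive
EOF
```

On a live host the three inputs can be collected with `docker version --format '{{.Server.Version}}'`, `runc --version` and `getenforce`.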



