CVE-2019-5736

Date: February 11, 2019

Overview

CVE-2019-5736 is a high-severity (CVSS score 8.6) privilege escalation vulnerability in the runC runtime component. runC is a "low level" container runtime implementing the OCI runtime specification, used by many container platforms (including OpenShift, Kubernetes, and Docker) to create, run and perform operations on containers.

Details

CVE-2019-5736 affects containers running with default settings. A specially crafted container can overwrite the host runC binary, giving the attacker root-level code execution on the host. It does this by leveraging the ability to execute commands as root within:

(i) existing containers to which the attacker can attach (docker exec). Note: the attacker must have write access to the container.
(ii) new containers created from an attacker-controlled image.

The above instances may seem different, but both are implemented similarly and require runC to spawn a new process in a container. In both cases, runC handles running a user-defined binary within the container. On most platforms and distributions, that binary is either the argument to docker exec when attaching to an existing container or the image's entry point when starting a new one.

Affected Environments

All container engines running runC versions 1.0 through rc6 can be exploited. This includes:

Red Hat Enterprise Linux 7 Extras
Kubernetes Engine 1.0 - 1.12.5
Docker 1.0.0 - 1.13.1
Red Hat OpenShift Container Platform 3.4 - 3.7
VMware PS 1.2 - 1.3.1
VMware vSphere Integrated Containers 1.0 - 1.3
VMware Integrated OpenStack with Kubernetes (VIO-K) 5.0 - 5.1
Amazon Web Services AWS Fargate Platform 1.0 - 1.7.1

Remediation

Patch systems with updated versions of the runC package. Safe versions for various engines include:

Docker - 18.09.2, 18.06.3, 18.03.1-ee-6, 17.06.2-ee-19
CoreOS - 2051.0.0
Amazon Linux - docker 18.06.1ce-7.25.amzn1.x86_64
Red Hat Enterprise Linux - docker 1.13.1-91.git07f3374.el7
Debian - runc 0.1.1+dfsg1-2
Ubuntu - runc 1.0.0~rc4+dfsg1-6ubuntu0.18.10.1
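Two checks a defender would want to automate from the advisory above, as an added example that is not part of this page: a parser for `runc --version` output that decides whether an upstream runC version predates the v1.0.0-rc7 fix (release candidates compared numerically, so rc10 is not mistaken for a pre-rc7 build), and a SHA-256 baseline comparison for the runC binary itself, since the attack works by overwriting that binary on the host. The version-output layout is runC's real format; the commit hash in the sample is a constructed placeholder. Packaged runC (the Debian and Ubuntu entries above) often carries the fix under an older upstream version string, so for those the package version, not this parser, is the authority.

```python
import hashlib
import os
import re
import subprocess
import tempfile

# Constructed sample of `runc --version` output. The layout (a "runc version"
# line followed by commit and spec lines) is runc's real format; the commit
# hash here is a placeholder, not a real one.
SAMPLE_VERSION_OUTPUT = """runc version 1.0.0-rc6
commit: 0000000000000000000000000000000000000000
spec: 1.0.1
"""

FIXED_RC = 7  # CVE-2019-5736 is fixed upstream in runc v1.0.0-rc7

VERSION_RE = re.compile(r"runc version (\d+)\.(\d+)\.(\d+)(?:-rc(\d+))?")


def parse_runc_version(output):
    """Return (major, minor, patch, rc) from `runc --version` output.

    rc is None for a final release (e.g. 1.0.0 or 1.0.2).
    """
    m = VERSION_RE.search(output)
    if not m:
        raise ValueError("unrecognised runc version output")
    major, minor, patch, rc = m.groups()
    return int(major), int(minor), int(patch), (None if rc is None else int(rc))


def is_vulnerable_version(version):
    """True if the upstream runc version predates the v1.0.0-rc7 fix.

    Release candidates are compared as integers so that rc10 sorts after rc7.
    Distribution packages may backport the fix without changing the upstream
    version string, so for packaged runc trust the package version instead.
    """
    major, minor, patch, rc = version
    if (major, minor, patch) > (1, 0, 0):
        return False
    if (major, minor, patch) < (1, 0, 0):
        return True  # 0.x releases predate the fix
    if rc is None:
        return False  # the final 1.0.0 release includes the fix
    return rc < FIXED_RC


def check_installed_runc(binary="runc"):
    """Run `runc --version` on this host; returns None if runc is not installed."""
    try:
        out = subprocess.run([binary, "--version"], capture_output=True,
                             text=True, check=True).stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        return None
    return is_vulnerable_version(parse_runc_version(out))


def sha256_of(path):
    """SHA-256 hex digest of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def binary_matches_baseline(path, baseline_hex):
    """File-integrity check: compare the runc binary on disk to a recorded baseline."""
    return sha256_of(path) == baseline_hex


def baseline_self_check():
    """Demonstrate the integrity check on a constructed stand-in for the runc binary.

    Returns (matches_before_overwrite, matches_after_overwrite).
    """
    fd, path = tempfile.mkstemp(prefix="fake-runc-")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(b"\x7fELF placeholder for the real runc binary")
        baseline = sha256_of(path)
        before = binary_matches_baseline(path, baseline)
        with open(path, "wb") as f:
            f.write(b"#!/bin/sh\n# modified contents\n")
        after = binary_matches_baseline(path, baseline)
    finally:
        os.unlink(path)
    return before, after


if __name__ == "__main__":
    v = parse_runc_version(SAMPLE_VERSION_OUTPUT)
    print("sample runc version", v, "vulnerable:", is_vulnerable_version(v))
    print("installed runc vulnerable:", check_installed_runc())
    print("baseline check (before, after overwrite):", baseline_self_check())
```

Record the baseline hash of `/usr/bin/runc` (or wherever your distribution installs it) right after patching, and have a file-integrity monitor alert when `binary_matches_baseline` turns false: a changed runC binary on a host that has not been updated is exactly the artifact this vulnerability leaves behind.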

Prevention

Leverage role-based access control (RBAC) to prevent unauthorized users from overwriting the runC file.
Regularly update all machines to minimize the chance of exploitation.
Avoid running containers with root privileges, particularly those with default configurations.
Properly configure containers to ensure maximum security.

Language: C

Good to know:


Containment Errors (Container Errors)

CWE-216

OS Command Injections

CWE-78

Upgrade Version

Upgrade to version v1.0.0-rc7


CVSS v3 Base Score:
Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): High
Integrity (I): High
Availability (A): High

CVSS v2 Base Score:
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (AU): None
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete