ArchLinux: 201902-6: runc: privilege escalation

    Date: 12 Feb 2019
    Posted By: LinuxSecurity Advisories
    The package runc before version 1.0.0rc6-1 is vulnerable to privilege escalation.
    Arch Linux Security Advisory ASA-201902-6
    Severity: High
    Date    : 2019-02-11
    CVE-ID  : CVE-2019-5736
    Package : runc
    Type    : privilege escalation
    Remote  : Yes
    Link    :
    The package runc before version 1.0.0rc6-1 is vulnerable to privilege
    escalation.

    Upgrade to 1.0.0rc6-1.
    # pacman -Syu "runc>=1.0.0rc6-1"
    The problem has been fixed upstream in version 1.0.0rc6.

    Don't run privileged containers.

    A vulnerability discovered in runc through 1.0-rc6, as used in Docker
    before 18.09.2 and other products, allows attackers to overwrite the
    host runc binary (and consequently obtain host root access) by
    leveraging the ability to execute a command as root within one of these
    types of containers: (1) a new container with an attacker-controlled
    image, or (2) an existing container, to which the attacker previously
    had write access, that can be attached with docker exec. This occurs
    because of file-descriptor mishandling, related to /proc/self/exe.

    A malicious container can escalate privileges to gain access as root on
    the host system and execute arbitrary code.
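
To triage exposure on a Docker host, the sketch below flags containers that match the preconditions described above (an engine before 18.09.2, plus a privileged container or one whose processes run as root). It is an added example, not part of the advisory or of runc or Docker; the function names and the sample records are constructed, and the version test is a heuristic because a distribution package may carry a backported fix.

```python
import json
import re

FIXED_DOCKER = (18, 9, 2)  # advisory: "Docker before 18.09.2"

def docker_predates_fix(version):
    """True if a Docker version such as '18.09.1' or '18.06.1-ce' is before 18.09.2.
    Heuristic only: a distribution package may carry a backported fix."""
    nums = re.findall(r"\d+", version)[:3]
    return tuple(int(n) for n in nums) < FIXED_DOCKER

def exposure_reasons(container):
    """Reasons one `docker inspect` record matches the advisory's preconditions."""
    reasons = []
    if container.get("HostConfig", {}).get("Privileged"):
        reasons.append("privileged")       # the advisory's workaround: avoid these
    user = (container.get("Config", {}).get("User") or "").split(":")[0]
    if user in ("", "0", "root"):          # empty User: no USER was set, so root
        reasons.append("runs as root")
    return reasons

def triage(docker_version, inspect_json):
    """Map container name -> reasons, or {} when the engine is at or past the fix."""
    if not docker_predates_fix(docker_version):
        return {}
    report = {}
    for c in json.loads(inspect_json):
        reasons = exposure_reasons(c)
        if reasons:
            report[c.get("Name", "?").lstrip("/")] = reasons
    return report

# Constructed sample, shaped like the JSON array printed by `docker inspect`.
SAMPLE = json.dumps([
    {"Name": "/web", "Config": {"User": "1000:1000"}, "HostConfig": {"Privileged": False}},
    {"Name": "/ci-runner", "Config": {"User": ""}, "HostConfig": {"Privileged": True}},
    {"Name": "/db", "Config": {"User": "root"}, "HostConfig": {"Privileged": False}},
])

if __name__ == "__main__":
    for name, why in triage("18.09.1", SAMPLE).items():
        print(f"{name}: {', '.join(why)}")
```

Containers reported here are the ones to prioritise when scheduling the upgrade; an empty report on an unpatched engine does not make the upgrade optional.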