← back
CVE-2019-5736

CVE-2019-5736

EPSS 98.6%
Vexday Risk Score
60Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS EPSS 98.6%KEV nãoPoC públicaNuclei Metasploit simPatch referenciado
Lifecycle
01 Jan 2019Metasploit module available
11 Feb 2019Published on NVD
12 Feb 2019Public PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
Affected products
n/a · n/a
public PoCs found34
githubgithub.com/Frichetten/CVE-2019-5736-PoC657githubgithub.com/q3k/cve-2019-5736-poc209githubgithub.com/twistlock/RunC-CVE-2019-573686githubgithub.com/jas502n/CVE-2019-573614githubgithub.com/agppp/cve-2019-5736-poc7githubgithub.com/epsteina16/Docker-Escape-Miner3githubgithub.com/panzouh/Docker-Runc-Exploit1githubgithub.com/b3d3c/poc-cve-2019-57361githubgithub.com/likekabin/CVE-2019-57361githubgithub.com/GiverOfGifts/CVE-2019-5736-Custom-Runtime1githubgithub.com/milloni/cve-2019-5736-exp1githubgithub.com/Billith/CVE-2019-5736-PoC0githubgithub.com/BBRathnayaka/POC-CVE-2019-57360githubgithub.com/shen54/IT191720880githubgithub.com/h3x0v3rl0rd/CVE-2019-57360githubgithub.com/fahmifj/Docker-breakout-runc0githubgithub.com/si1ent-le/CVE-2019-57360githubgithub.com/takumak/cve-2019-5736-reproducer0githubgithub.com/sonyavalo/CVE-2019-5736-Dockerattack-and-security-mechanism0githubgithub.com/Perimora/cve_2019-5736-PoC0githubgithub.com/sastraadiwiguna-purpleeliteteaming/Holistic-Deconstruction-of-CVE-2019-5736-0githubgithub.com/likekabin/cve-2019-5736-poc0githubgithub.com/yyqs2008/CVE-2019-5736-PoC-20githubgithub.com/stillan00b/CVE-2019-57360githubgithub.com/RyanNgWH/CVE-2019-5736-POC0githubgithub.com/Lee-SungYoung/cve-2019-5736-study0githubgithub.com/h-wookie/cve-2019-5736-poc0githubgithub.com/geropl/CVE-2019-57360exploitdbwww.exploit-db.com/exploits/46369unverifiedcve_referencepacketstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.htmlunverifiedcve_referencewww.exploit-db.com/exploits/46359/unverifiedcve_referencewww.exploit-db.com/exploits/46369/unverifiedexploitdbwww.exploit-db.com/exploits/46359unverifiedcve_referencepacketstormsecurity.com/files/163339/Docker-Container-Escape.htmlunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.htmlhttp://packetstormsecurity.com/files/163339/Docker-Container-Escape.htmlhttp://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html