漏洞信息(CVE-2019-5736)

一、漏洞 CVE-2019-5736 基础信息

漏洞信息

# N/A

## 漏洞概述
runc 通过 1.0-rc6 版本中存在漏洞，该漏洞允许攻击者通过控制容器中的命令执行覆盖主机的 runc 二进制文件，从而获得主机的 root 权限。

## 影响版本
- runc 通过 1.0-rc6 版本
- Docker 版本低于 18.09.2

## 漏洞细节
攻击者可以通过以下方式之一覆盖主机的 runc 二进制文件：
1. 在包含受攻击者控制的镜像的新容器中执行命令。
2. 通过 docker exec 命令附加到一个攻击者之前曾有写入权限的现有容器中执行命令。

该漏洞主要与文件描述符处理不当相关，特别是与 `/proc/self/exe` 相关。

## 影响
攻击者能通过这种方式覆盖主机的 runc 二进制文件并获得主机的 root 权限。这可能导致整个系统的安全受到严重威胁。

备注

尽管我们采用了先进的大模型技术，但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确，但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利！

漏洞标题

N/A

来源：美国国家漏洞数据库 NVD

漏洞描述信息

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.

来源：美国国家漏洞数据库 NVD

CVSS信息

N/A

来源：美国国家漏洞数据库 NVD

漏洞类别

N/A

来源：美国国家漏洞数据库 NVD

漏洞标题

Docker 操作系统命令注入漏洞

来源：中国国家信息安全漏洞库 CNNVD

漏洞描述信息

Docker是美国Docker公司的一款开源的应用容器引擎。该产品支持在Linux系统上创建一个容器（轻量级虚拟机）并部署和运行应用程序，以及通过配置文件实现应用程序的自动化安装、部署和升级。 Docker 18.09.2之前版本和其他产品中的runc 1.0-rc6及之前版本中存在安全漏洞，该漏洞源于程序没有正确地处理文件描述符。攻击者可利用该漏洞覆盖主机runc的二进制文件并以root权限执行命令。

来源：中国国家信息安全漏洞库 CNNVD

CVSS信息

N/A

来源：中国国家信息安全漏洞库 CNNVD

漏洞类别

授权问题

来源：中国国家信息安全漏洞库 CNNVD

二、漏洞 CVE-2019-5736 的公开POC

#	POC 描述	源链接	神龙链接
1	Unweaponized Proof of Concept for CVE-2019-5736 (Docker escape)	https://github.com/q3k/cve-2019-5736-poc	POC详情
2	PoC for CVE-2019-5736	https://github.com/Frichetten/CVE-2019-5736-PoC	POC详情
3	runc容器逃逸漏洞预警	https://github.com/jas502n/CVE-2019-5736	POC详情
4	None	https://github.com/likescam/CVE-2019-5736	POC详情
5	None	https://github.com/likescam/cve-2019-5736-poc	POC详情
6	getshell test	https://github.com/agppp/cve-2019-5736-poc	POC详情
7	None	https://github.com/b3d3c/poc-cve-2019-5736	POC详情
8	CVE-2019-5736 POCs	https://github.com/twistlock/RunC-CVE-2019-5736	POC详情
9	None	https://github.com/yyqs2008/CVE-2019-5736-PoC-2	POC详情
10	https://nvd.nist.gov/vuln/detail/CVE-2019-5736 poc of CVE-2019-5736	https://github.com/zyriuse75/CVE-2019-5736-PoC	POC详情
11	None	https://github.com/stillan00b/CVE-2019-5736	POC详情
12	Exploit for the CVE-2019-5736 runc vulnerability	https://github.com/milloni/cve-2019-5736-exp	POC详情
13	Docker runc CVE-2019-5736 exploit Dockerfile. Credits : https://github.com/Frichetten/CVE-2019-5736-PoC.git	https://github.com/panzouh/Docker-Runc-Exploit	POC详情
14	Proof of concept code for breaking out of docker via runC	https://github.com/RyanNgWH/CVE-2019-5736-POC	POC详情
15	None	https://github.com/Lee-SungYoung/cve-2019-5736-study	POC详情
16	None	https://github.com/chosam2/cve-2019-5736-poc	POC详情
17	Code sample for using exploit CVE-2019-5736 to mine bitcoin with no association to original container or user.	https://github.com/epsteina16/Docker-Escape-Miner	POC详情
18	None	https://github.com/geropl/CVE-2019-5736	POC详情
19	CVE-2019-5736 implemented in a self-written container runtime to understand the exploit.	https://github.com/GiverOfGifts/CVE-2019-5736-Custom-Runtime	POC详情
20	None	https://github.com/Billith/CVE-2019-5736-PoC	POC详情
21	None	https://github.com/BBRathnayaka/POC-CVE-2019-5736	POC详情
22	CVE-2019-5736	https://github.com/shen54/IT19172088	POC详情
23	None	https://github.com/crypticdante/CVE-2019-5736	POC详情
24	Modified version of CVE-2019-5736-PoC by Frichetten	https://github.com/fahmifj/Docker-breakout-runc	POC详情
25	None	https://github.com/Asbatel/CVE-2019-5736_POC	POC详情
26	None	https://github.com/takumak/cve-2019-5736-reproducer	POC详情
27	None	https://github.com/si1ent-le/CVE-2019-5736	POC详情
28	None	https://github.com/H3xL00m/CVE-2019-5736	POC详情
29	None	https://github.com/n3ov4n1sh/CVE-2019-5736	POC详情
30	None	https://github.com/c0d3cr4f73r/CVE-2019-5736	POC详情
31	None	https://github.com/Sp3c73rSh4d0w/CVE-2019-5736	POC详情
32	None	https://github.com/0xwh1pl4sh/CVE-2019-5736	POC详情
33	None	https://github.com/N3rdyN3xus/CVE-2019-5736	POC详情
34	None	https://github.com/NyxByt3/CVE-2019-5736	POC详情
35	None	https://github.com/likekabin/CVE-2019-5736	POC详情
36	None	https://github.com/likekabin/cve-2019-5736-poc	POC详情
37	None	https://github.com/h3xcr4ck3r/CVE-2019-5736	POC详情
38	None	https://github.com/n3rdh4x0r/CVE-2019-5736	POC详情
39	Description of the Project goes here	https://github.com/sonyavalo/CVE-2019-5736-attack-and-security-mechanism	POC详情
40	In this project, we found a recent attack through the malicious container and implemented a security mechanism to stop it.	https://github.com/sonyavalo/CVE-2019-5736-Dockerattack-and-security-mechanism	POC详情

三、漏洞 CVE-2019-5736 的情报信息

https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/ x_refsource_MISC
https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d x_refsource_MISC
https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003 x_refsource_CONFIRM
http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html x_refsource_MISC
http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html x_refsource_MISC
https://bugzilla.suse.com/show_bug.cgi?id=1121967 x_refsource_MISC
https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html x_refsource_MISC
https://access.redhat.com/security/vulnerabilities/runcescape x_refsource_MISC
https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc x_refsource_MISC
https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/ x_refsource_MISC
https://brauner.github.io/2019/02/12/privileged-containers.html x_refsource_MISC
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us x_refsource_CONFIRM
https://github.com/Frichetten/CVE-2019-5736-PoC x_refsource_MISC
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944 x_refsource_CONFIRM
https://access.redhat.com/security/cve/cve-2019-5736 x_refsource_MISC
https://www.openwall.com/lists/oss-security/2019/02/11/2 x_refsource_MISC
https://aws.amazon.com/security/security-bulletins/AWS-2019-002/ x_refsource_MISC
https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b x_refsource_MISC
https://github.com/q3k/cve-2019-5736-poc x_refsource_MISC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc vendor-advisory x_refsource_CISCO
https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/ x_refsource_MISC
https://github.com/rancher/runc-cve x_refsource_MISC
https://security.netapp.com/advisory/ntap-20190307-0008/ x_refsource_CONFIRM
https://www.synology.com/security/advisory/Synology_SA_19_06 x_refsource_CONFIRM
https://github.com/docker/docker-ce/releases/tag/v18.09.2 x_refsource_MISC
https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/ x_refsource_MISC
https://www.exploit-db.com/exploits/46369/ exploit x_refsource_EXPLOIT-DB
https://www.exploit-db.com/exploits/46359/ exploit x_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/106976 vdb-entry x_refsource_BID
https://usn.ubuntu.com/4048-1/ vendor-advisory x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2019:0975 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:0408 vendor-advisory x_refsource_REDHAT
https://security.gentoo.org/glsa/202003-21 vendor-advisory x_refsource_GENTOO
https://access.redhat.com/errata/RHSA-2019:0304 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:0303 vendor-advisory x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:0401 vendor-advisory x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html vendor-advisory x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html vendor-advisory x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html vendor-advisory x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html vendor-advisory x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html vendor-advisory x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html vendor-advisory x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html vendor-advisory x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html vendor-advisory x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html vendor-advisory x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html vendor-advisory x_refsource_SUSE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/ vendor-advisory x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/ vendor-advisory x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/ vendor-advisory x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/ vendor-advisory x_refsource_FEDORA
http://www.openwall.com/lists/oss-security/2019/10/24/1 mailing-list x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2019/06/28/2 mailing-list x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2019/07/06/3 mailing-list x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2019/07/06/4 mailing-list x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2019/10/29/3 mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E mailing-list x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2024/01/31/6 mailing-list
http://www.openwall.com/lists/oss-security/2024/02/01/1 mailing-list
http://www.openwall.com/lists/oss-security/2024/02/02/3 mailing-list
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E mailing-list x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2019/03/23/1 mailing-list x_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2019-5736

一、 漏洞 CVE-2019-5736 基础信息

漏洞信息

备注

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

二、漏洞 CVE-2019-5736 的公开POC

三、漏洞 CVE-2019-5736 的情报信息

一、漏洞 CVE-2019-5736 基础信息