CVE-2019-5736: CVE-2019-5736

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-5736

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Docker 操作系统命令注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Docker是美国Docker公司的一款开源的应用容器引擎。该产品支持在Linux系统上创建一个容器（轻量级虚拟机）并部署和运行应用程序，以及通过配置文件实现应用程序的自动化安装、部署和升级。 Docker 18.09.2之前版本和其他产品中的runc 1.0-rc6及之前版本中存在安全漏洞，该漏洞源于程序没有正确地处理文件描述符。攻击者可利用该漏洞覆盖主机runc的二进制文件并以root权限执行命令。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2019-5736

#	POC Description	Source Link	Shenlong Link
1	Unweaponized Proof of Concept for CVE-2019-5736 (Docker escape)	https://github.com/q3k/cve-2019-5736-poc	POC Details
2	PoC for CVE-2019-5736	https://github.com/Frichetten/CVE-2019-5736-PoC	POC Details
3	runc容器逃逸漏洞预警	https://github.com/jas502n/CVE-2019-5736	POC Details
4	None	https://github.com/likescam/CVE-2019-5736	POC Details
5	None	https://github.com/likescam/cve-2019-5736-poc	POC Details
6	getshell test	https://github.com/agppp/cve-2019-5736-poc	POC Details
7	None	https://github.com/b3d3c/poc-cve-2019-5736	POC Details
8	CVE-2019-5736 POCs	https://github.com/twistlock/RunC-CVE-2019-5736	POC Details
9	None	https://github.com/yyqs2008/CVE-2019-5736-PoC-2	POC Details
10	https://nvd.nist.gov/vuln/detail/CVE-2019-5736 poc of CVE-2019-5736	https://github.com/zyriuse75/CVE-2019-5736-PoC	POC Details
11	None	https://github.com/stillan00b/CVE-2019-5736	POC Details
12	Exploit for the CVE-2019-5736 runc vulnerability	https://github.com/milloni/cve-2019-5736-exp	POC Details
13	Docker runc CVE-2019-5736 exploit Dockerfile. Credits : https://github.com/Frichetten/CVE-2019-5736-PoC.git	https://github.com/panzouh/Docker-Runc-Exploit	POC Details
14	Proof of concept code for breaking out of docker via runC	https://github.com/RyanNgWH/CVE-2019-5736-POC	POC Details
15	None	https://github.com/Lee-SungYoung/cve-2019-5736-study	POC Details
16	None	https://github.com/chosam2/cve-2019-5736-poc	POC Details
17	Code sample for using exploit CVE-2019-5736 to mine bitcoin with no association to original container or user.	https://github.com/epsteina16/Docker-Escape-Miner	POC Details
18	None	https://github.com/geropl/CVE-2019-5736	POC Details
19	CVE-2019-5736 implemented in a self-written container runtime to understand the exploit.	https://github.com/GiverOfGifts/CVE-2019-5736-Custom-Runtime	POC Details
20	None	https://github.com/Billith/CVE-2019-5736-PoC	POC Details
21	None	https://github.com/BBRathnayaka/POC-CVE-2019-5736	POC Details
22	CVE-2019-5736	https://github.com/shen54/IT19172088	POC Details
23	None	https://github.com/crypticdante/CVE-2019-5736	POC Details
24	Modified version of CVE-2019-5736-PoC by Frichetten	https://github.com/fahmifj/Docker-breakout-runc	POC Details
25	None	https://github.com/Asbatel/CVE-2019-5736_POC	POC Details
26	None	https://github.com/takumak/cve-2019-5736-reproducer	POC Details
27	None	https://github.com/si1ent-le/CVE-2019-5736	POC Details
28	None	https://github.com/H3xL00m/CVE-2019-5736	POC Details
29	None	https://github.com/n3ov4n1sh/CVE-2019-5736	POC Details
30	None	https://github.com/c0d3cr4f73r/CVE-2019-5736	POC Details
31	None	https://github.com/Sp3c73rSh4d0w/CVE-2019-5736	POC Details
32	None	https://github.com/0xwh1pl4sh/CVE-2019-5736	POC Details
33	None	https://github.com/N3rdyN3xus/CVE-2019-5736	POC Details
34	None	https://github.com/NyxByt3/CVE-2019-5736	POC Details
35	None	https://github.com/likekabin/CVE-2019-5736	POC Details
36	None	https://github.com/likekabin/cve-2019-5736-poc	POC Details
37	None	https://github.com/h3xcr4ck3r/CVE-2019-5736	POC Details
38	None	https://github.com/n3rdh4x0r/CVE-2019-5736	POC Details
39	Description of the Project goes here	https://github.com/sonyavalo/CVE-2019-5736-attack-and-security-mechanism	POC Details
40	In this project, we found a recent attack through the malicious container and implemented a security mechanism to stop it.	https://github.com/sonyavalo/CVE-2019-5736-Dockerattack-and-security-mechanism	POC Details
41	None	https://github.com/Threekiii/Awesome-POC/blob/master/%E4%BA%91%E5%AE%89%E5%85%A8%E6%BC%8F%E6%B4%9E/Docker%20runC%20%E6%BC%8F%E6%B4%9E%E5%AF%BC%E8%87%B4%E5%AE%B9%E5%99%A8%E9%80%83%E9%80%B8%20CVE-2019-5736.md	POC Details
42	None	https://github.com/h3x0v3rl0rd/CVE-2019-5736	POC Details
43	C-based PoC for CVE-2019-5736	https://github.com/Perimora/cve_2019-5736-PoC	POC Details
44	None	https://github.com/h-wookie/cve-2019-5736-poc	POC Details
45	This repository provides a high-fidelity technical deconstruction and production-ready exploitation suite for CVE-2019-5736. It demonstrates how a root user inside a container can achieve a Host Root Shell by overwriting the host runc binary using an OverlayFS mount and ld.so.preload manipulation.	https://github.com/sastraadiwiguna-purpleeliteteaming/Holistic-Deconstruction-of-CVE-2019-5736-	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2019-5736

Please Login to view more intelligence information

https://bugzilla.suse.com/show_bug.cgi?id=1121967x_refsource_MISC
https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/x_refsource_MISC
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_usx_refsource_CONFIRM
https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/x_refsource_MISC
https://www.openwall.com/lists/oss-security/2019/02/11/2x_refsource_MISC
https://security.netapp.com/advisory/ntap-20190307-0008/x_refsource_CONFIRM
https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.htmlx_refsource_MISC
https://aws.amazon.com/security/security-bulletins/AWS-2019-002/x_refsource_MISC
https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003x_refsource_CONFIRM
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944x_refsource_CONFIRM
https://github.com/docker/docker-ce/releases/tag/v18.09.2x_refsource_MISC
https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runcx_refsource_MISC
https://brauner.github.io/2019/02/12/privileged-containers.htmlx_refsource_MISC
http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.htmlx_refsource_MISC
https://www.synology.com/security/advisory/Synology_SA_19_06x_refsource_CONFIRM
https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558bx_refsource_MISC
https://access.redhat.com/security/vulnerabilities/runcescapex_refsource_MISC
https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40dx_refsource_MISC
https://github.com/Frichetten/CVE-2019-5736-PoCx_refsource_MISC
https://access.redhat.com/security/cve/cve-2019-5736x_refsource_MISC
https://github.com/q3k/cve-2019-5736-pocx_refsource_MISC
https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/x_refsource_MISC
http://packetstormsecurity.com/files/163339/Docker-Container-Escape.htmlx_refsource_MISC
https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/x_refsource_MISC
https://github.com/rancher/runc-cvex_refsource_MISC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runcvendor-advisoryx_refsource_CISCO
https://www.exploit-db.com/exploits/46369/exploitx_refsource_EXPLOIT-DB
https://www.exploit-db.com/exploits/46359/exploitx_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/106976vdb-entryx_refsource_BID
https://usn.ubuntu.com/4048-1/vendor-advisoryx_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2019:0303vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:0408vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:0304vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:0401vendor-advisoryx_refsource_REDHAT
https://security.gentoo.org/glsa/202003-21vendor-advisoryx_refsource_GENTOO
https://access.redhat.com/errata/RHSA-2019:0975vendor-advisoryx_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.htmlvendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.htmlvendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.htmlvendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.htmlvendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.htmlvendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.htmlvendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.htmlvendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.htmlvendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.htmlvendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.htmlvendor-advisoryx_refsource_SUSE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/vendor-advisoryx_refsource_FEDORA
http://www.openwall.com/lists/oss-security/2019/10/24/1mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2019/07/06/4mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2019/06/28/2mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2019/07/06/3mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2019/10/29/3mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3Emailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2024/01/31/6mailing-list
http://www.openwall.com/lists/oss-security/2024/02/01/1mailing-list
http://www.openwall.com/lists/oss-security/2024/02/02/3mailing-list
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3Emailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2019/03/23/1mailing-listx_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2019-5736

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2019-5736

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2019-5736

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2019-5736

III. Intelligence Information for CVE-2019-5736

IV. Related Vulnerabilities

V. Comments for CVE-2019-5736

Leave a comment