Vulnerabilities related to linuxcontainers - lxc
Vulnerability from fkie_nvd
Published
2020-02-10 01:15
Modified
2024-11-21 03:20
Summary
In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.
References
Impacted products
Vendor Product Version
linuxcontainers lxc 2.0.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:2.0.0:-:*:*:*:*:*:*",
                     matchCriteriaId: "171010F6-2034-4373-B180-C5E75D533521",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.",
      },
      {
         lang: "es",
         value: "En LXC versión 2.0, muchos scripts de plantilla descargan código mediante HTTP en texto claro, y omiten la comprobación de firma digital, antes de ejecutarlo para inicializar los contenedores.",
      },
   ],
   id: "CVE-2017-18641",
   lastModified: "2024-11-21T03:20:33.143",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 9.3,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-02-10T01:15:10.483",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-08-12 14:59
Modified
2024-11-21 02:25
Severity ?
Summary
attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label.
Impacted products
Vendor Product Version
linuxcontainers lxc *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D42FBB3-FE4C-462D-BF7C-84A64DC5ED25",
                     versionEndIncluding: "1.1.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label.",
      },
      {
         lang: "es",
         value: "attach.c en LXC 1.1.2 y en versiones anteriores utiliza el sistema de archivos proc en un contenedor, lo que permite a usuarios del contenedor local escapar del confinamiento AppArmor o SELinux montando un sistema de archivos proc con un (1) perfil AppArmor o (2) una etiqueta SELinux manipulados.",
      },
   ],
   id: "CVE-2015-1334",
   lastModified: "2024-11-21T02:25:11.530",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.6,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-08-12T14:59:05.590",
   references: [
      {
         source: "security@ubuntu.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html",
      },
      {
         source: "security@ubuntu.com",
         url: "http://lists.opensuse.org/opensuse-updates/2015-07/msg00066.html",
      },
      {
         source: "security@ubuntu.com",
         url: "http://lists.opensuse.org/opensuse-updates/2015-07/msg00067.html",
      },
      {
         source: "security@ubuntu.com",
         url: "http://www.debian.org/security/2015/dsa-3317",
      },
      {
         source: "security@ubuntu.com",
         url: "http://www.securityfocus.com/bid/75998",
      },
      {
         source: "security@ubuntu.com",
         url: "http://www.ubuntu.com/usn/USN-2675-1",
      },
      {
         source: "security@ubuntu.com",
         url: "https://github.com/lxc/lxc/commit/5c3fcae78b63ac9dd56e36075903921bd9461f9e",
      },
      {
         source: "security@ubuntu.com",
         url: "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-updates/2015-07/msg00066.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-updates/2015-07/msg00067.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2015/dsa-3317",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/75998",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-2675-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/lxc/lxc/commit/5c3fcae78b63ac9dd56e36075903921bd9461f9e",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html",
      },
   ],
   sourceIdentifier: "security@ubuntu.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-17",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-05-01 06:59
Modified
2024-11-21 02:59
Severity ?
Summary
lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls.
Impacted products
Vendor Product Version
linuxcontainers lxc *
linuxcontainers lxc *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "83629BC8-27B7-479D-A128-EFA5630BB184",
                     versionEndExcluding: "1.0.9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B65EC152-48AC-43E9-A1DF-E76C953508A5",
                     versionEndExcluding: "2.0.6",
                     versionStartIncluding: "2.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls.",
      },
      {
         lang: "es",
         value: "lxc-attach en LXC en versiones anteriores a 1.0.9 y 2.x anteriores a 2.0.6 permite que un atacante dentro de un contenedor sin privilegios utilice un descriptor de archivo heredado, del /proc del host, para acceder al resto del sistema de archivos del host a través de la familia de llamadas al sistema openat().",
      },
   ],
   id: "CVE-2016-8649",
   lastModified: "2024-11-21T02:59:45.770",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "COMPLETE",
               baseScore: 9,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.1,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.3,
            impactScore: 6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-05-01T06:59:00.157",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/94498",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845465",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1639345",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Issue Tracking",
            "Patch",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1398242",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://github.com/lxc/lxc/commit/81f466d05f2a89cb4f122ef7f593ff3f279b165c",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://security-tracker.debian.org/tracker/CVE-2016-8649",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/94498",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845465",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1639345",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1398242",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://github.com/lxc/lxc/commit/81f466d05f2a89cb4f122ef7f593ff3f279b165c",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://security-tracker.debian.org/tracker/CVE-2016-8649",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-02-14 15:55
Modified
2024-11-21 01:59
Severity ?
Summary
The lxc-sshd template (templates/lxc-sshd.in) in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADAA3CD5-2DF7-4FA5-8DE8-5C376D34988D",
                     versionEndIncluding: "0.9.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:0.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5DA7C45E-2A61-42D6-82D3-7F5ED2581770",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:0.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B089CD7B-9352-44DB-ACB3-6C5323FDE196",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:0.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "131DBF9F-7E49-46C7-B424-F8DFC9A30EA3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:0.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E595E900-DB88-48D8-B6CB-21113FE3CC69",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:0.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "605B4EE9-57FA-4179-B430-7498148AC9C8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:0.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "228613D9-EFEB-43E2-BDBC-8D36A2993ED9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:0.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C47C5D5-05B5-4503-A8A3-AB26C44566FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:0.5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "77360E54-2092-4CA8-901D-EA9D70303BF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:0.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "EEC62987-7602-44F3-B623-A39BD02D9234",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:0.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D5F42E8-B943-4F63-B1F9-525E96B7D880",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:0.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "864B9E0E-1D85-4120-8B58-D4298F0AA9D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:0.6.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "291971FE-7096-43E7-882A-AD01D14B8C45",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:0.6.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0164D9DA-0327-4644-B455-A92311C6AE5F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:0.6.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "7DDEF7D0-A1E9-414B-A689-240C5DE683D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:0.7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "29978BE7-7E5B-4FF5-B35E-F7F0FD9E15B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:0.7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "23130573-5884-4DC3-9F12-336B9D6807B6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:0.7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "7D4D3880-C419-4741-ACBB-AC087A3A4BAC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:0.7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "389CE800-E958-4240-BDD6-56AB4A7A3859",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:0.7.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6090283-B39F-4D8C-9756-5248A344509B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:0.7.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E860AF3D-019C-4533-AF38-8251C34F6EC5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:0.7.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "A7760469-C409-473F-BD0E-6D52460324F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:0.7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "887CC2E2-8736-4B12-991C-0C7576ED00CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:0.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5840AA1-C17A-4FCE-9299-648D002247C0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The lxc-sshd template (templates/lxc-sshd.in) in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file.",
      },
      {
         lang: "es",
         value: "La plantilla lxc-sshd (templates/lxc-sshd.in) en LXC anterior a 1.0.0.beta2 utiliza permisos de lectura-escritura cuando monta /sbin/init, lo que permite a usuarios locales ganar privilegios mediante la modificación del archivo init.",
      },
   ],
   id: "CVE-2013-6441",
   lastModified: "2024-11-21T01:59:14.343",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-02-14T15:55:05.237",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/USN-2104-1",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugs.launchpad.net/ubuntu/%2Bsource/lxc/%2Bbug/1261045",
      },
      {
         source: "secalert@redhat.com",
         url: "https://github.com/dotcloud/lxc/pull/1",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "https://github.com/lxc/lxc/commit/f4d5cc8e1f39d132b61e110674528cac727ae0e2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-2104-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugs.launchpad.net/ubuntu/%2Bsource/lxc/%2Bbug/1261045",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/dotcloud/lxc/pull/1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "https://github.com/lxc/lxc/commit/f4d5cc8e1f39d132b61e110674528cac727ae0e2",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-01-09 08:59
Modified
2024-11-21 02:43
Summary
An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container.
Impacted products
Vendor Product Version
linuxcontainers lxc *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:*:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "174CEA20-CA6F-44BE-AC6F-301CE073C7EE",
                     versionEndIncluding: "2.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container.",
      },
      {
         lang: "es",
         value: "Se ha descubierto un problema en Linux Containers (LXC) en versiones anteriores a 22-02-2016. Cuando se ejecuta un programa a través de lxc-attach, la sesión sin privilegios puede escapar a la sesión padre utilizando el ioctl TIOCSTI para insertar caracteres en el búfer de entrada del terminal, permitiendo a un atacante escapar del contenedor.",
      },
   ],
   id: "CVE-2016-10124",
   lastModified: "2024-11-21T02:43:21.373",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 8.6,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-01-09T08:59:00.153",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://www.openwall.com/lists/oss-security/2014/12/15/5",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.openwall.com/lists/oss-security/2015/09/03/5",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/95404",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/lxc/lxc/commit/e986ea3dfa4a2957f71ae9bfaed406dd6e1ffff6",
      },
      {
         source: "cve@mitre.org",
         url: "https://security.gentoo.org/glsa/201711-09",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2014/12/15/5",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2015/09/03/5",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/95404",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/lxc/lxc/commit/e986ea3dfa4a2957f71ae9bfaed406dd6e1ffff6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201711-09",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-284",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-08-12 14:59
Modified
2024-11-21 02:25
Severity ?
Summary
lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*.
Impacted products
Vendor Product Version
linuxcontainers lxc *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D42FBB3-FE4C-462D-BF7C-84A64DC5ED25",
                     versionEndIncluding: "1.1.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad en lxclock.c en LXC 1.1.2 y versiones anteriores, permite a usuarios locales crear archivos arbitrarios a través de un ataque symlink en /run/lock/lxc/*.",
      },
   ],
   id: "CVE-2015-1331",
   lastModified: "2024-11-21T02:25:11.097",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.9,
               confidentialityImpact: "NONE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:N/C:N/I:C/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-08-12T14:59:03.823",
   references: [
      {
         source: "security@ubuntu.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html",
      },
      {
         source: "security@ubuntu.com",
         url: "http://lists.opensuse.org/opensuse-updates/2015-07/msg00066.html",
      },
      {
         source: "security@ubuntu.com",
         url: "http://www.debian.org/security/2015/dsa-3317",
      },
      {
         source: "security@ubuntu.com",
         url: "http://www.securityfocus.com/bid/75999",
      },
      {
         source: "security@ubuntu.com",
         url: "http://www.ubuntu.com/usn/USN-2675-1",
      },
      {
         source: "security@ubuntu.com",
         tags: [
            "Exploit",
         ],
         url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1470842",
      },
      {
         source: "security@ubuntu.com",
         url: "https://github.com/lxc/lxc/commit/72cf81f6a3404e35028567db2c99a90406e9c6e6",
      },
      {
         source: "security@ubuntu.com",
         url: "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-updates/2015-07/msg00066.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2015/dsa-3317",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/75999",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-2675-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1470842",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/lxc/lxc/commit/72cf81f6a3404e35028567db2c99a90406e9c6e6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html",
      },
   ],
   sourceIdentifier: "security@ubuntu.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-59",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-01-01 06:15
Modified
2024-11-21 07:32
Summary
lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates that a file exists. NOTE: this is different from CVE-2018-6556 because the CVE-2018-6556 fix design was based on the premise that "we will report back to the user that the open() failed but the user has no way of knowing why it failed"; however, in many realistic cases, there are no plausible reasons for failing except that the file does not exist.
Impacted products
Vendor Product Version
linuxcontainers lxc *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "56BE1A46-7BA1-4936-A2D1-723150A220BA",
                     versionEndIncluding: "5.0.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because \"Failed to open\" often indicates that a file does not exist, whereas \"does not refer to a network namespace path\" often indicates that a file exists. NOTE: this is different from CVE-2018-6556 because the CVE-2018-6556 fix design was based on the premise that \"we will report back to the user that the open() failed but the user has no way of knowing why it failed\"; however, in many realistic cases, there are no plausible reasons for failing except that the file does not exist.",
      },
      {
         lang: "es",
         value: "lxc-user-nic en lxc hasta 5.0.1 está instalado con setuid root y puede permitir a los usuarios locales inferir si existe algún archivo, incluso dentro de un árbol de directorios protegido, porque \"Error al abrir\" a menudo indica que un archivo no existe. mientras que \"no se refiere a una ruta de espacio de nombres de red\" a menudo indica que existe un archivo. NOTA: esto es diferente de CVE-2018-6556 porque el diseño de la corrección CVE-2018-6556 se basó en la premisa de que \"informaremos al usuario que open() falló pero el usuario no tiene forma de saber por qué\". fallido\"; sin embargo, en muchos casos realistas, no hay razones plausibles para fallar excepto que el archivo no existe.",
      },
   ],
   id: "CVE-2022-47952",
   lastModified: "2024-11-21T07:32:37.827",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 3.3,
               baseSeverity: "LOW",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-01-01T06:15:09.860",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591/comments/45",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/MaherAzzouzi/CVE-2022-47952",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/lxc.spec.in#L274",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/src/lxc/cmd/lxc_user_nic.c#L1085-L1104",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00025.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591/comments/45",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/MaherAzzouzi/CVE-2022-47952",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/lxc.spec.in#L274",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/src/lxc/cmd/lxc_user_nic.c#L1085-L1104",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00025.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-203",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-10-01 20:59
Modified
2024-11-21 02:25
Summary
lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.
References
security@ubuntu.com http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170045.html
security@ubuntu.com http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171358.html
security@ubuntu.com http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171364.html
security@ubuntu.com http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html
security@ubuntu.com http://lists.opensuse.org/opensuse-updates/2015-10/msg00023.html
security@ubuntu.com http://www.debian.org/security/2015/dsa-3400
security@ubuntu.com http://www.openwall.com/lists/oss-security/2015/09/29/4
security@ubuntu.com http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
security@ubuntu.com http://www.securityfocus.com/bid/76894
security@ubuntu.com http://www.ubuntu.com/usn/USN-2753-1
security@ubuntu.com https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662
security@ubuntu.com https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be
security@ubuntu.com https://lists.linuxcontainers.org/pipermail/lxc-devel/2015-September/012434.html Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170045.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171358.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171364.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-updates/2015-10/msg00023.html
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2015/dsa-3400
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2015/09/29/4
af854a3a-2127-422b-91ae-364da2661108 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/76894
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/USN-2753-1
af854a3a-2127-422b-91ae-364da2661108 https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662
af854a3a-2127-422b-91ae-364da2661108 https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be
af854a3a-2127-422b-91ae-364da2661108 https://lists.linuxcontainers.org/pipermail/lxc-devel/2015-September/012434.html Patch, Vendor Advisory
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DB7C740C-6A6C-4282-A3E2-A0235E0B0CD0",
                     versionEndIncluding: "1.0.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:1.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC5A5655-2884-40DA-9727-63F3DD0CE414",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:1.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9C9ECBC3-1412-4965-86B0-AE8406CE9575",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:1.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "42727902-18EA-4A84-A794-837F7A26690C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:1.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "B7E279D4-3B92-4548-AA15-A7CD8348D877",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
                     matchCriteriaId: "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.",
      },
      {
         lang: "es",
         value: "lxc-start en lxc en versiones anteriores a 1.0.8 y 1.1x en versiones anteriores a 1.1.4, permite a los administradores locales del contenedor escapar del confinamiento AppArmor a través de un ataque de enlace simbólico en un (1) montaje destino o (2) enlace a la fuente de montaje.",
      },
   ],
   id: "CVE-2015-1335",
   lastModified: "2024-11-21T02:25:11.647",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-10-01T20:59:00.100",
   references: [
      {
         source: "security@ubuntu.com",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170045.html",
      },
      {
         source: "security@ubuntu.com",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171358.html",
      },
      {
         source: "security@ubuntu.com",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171364.html",
      },
      {
         source: "security@ubuntu.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html",
      },
      {
         source: "security@ubuntu.com",
         url: "http://lists.opensuse.org/opensuse-updates/2015-10/msg00023.html",
      },
      {
         source: "security@ubuntu.com",
         url: "http://www.debian.org/security/2015/dsa-3400",
      },
      {
         source: "security@ubuntu.com",
         url: "http://www.openwall.com/lists/oss-security/2015/09/29/4",
      },
      {
         source: "security@ubuntu.com",
         url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
      },
      {
         source: "security@ubuntu.com",
         url: "http://www.securityfocus.com/bid/76894",
      },
      {
         source: "security@ubuntu.com",
         url: "http://www.ubuntu.com/usn/USN-2753-1",
      },
      {
         source: "security@ubuntu.com",
         url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662",
      },
      {
         source: "security@ubuntu.com",
         url: "https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be",
      },
      {
         source: "security@ubuntu.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://lists.linuxcontainers.org/pipermail/lxc-devel/2015-September/012434.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170045.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171358.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171364.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-updates/2015-10/msg00023.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2015/dsa-3400",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2015/09/29/4",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/76894",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-2753-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://lists.linuxcontainers.org/pipermail/lxc-devel/2015-September/012434.html",
      },
   ],
   sourceIdentifier: "security@ubuntu.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-59",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-03-14 17:59
Modified
2024-11-21 03:28
Summary
lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.
Impacted products
Vendor Product Version
linuxcontainers lxc *
linuxcontainers lxc *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CD42973B-545C-4D49-8DDA-CB3A9D6C68F5",
                     versionEndIncluding: "1.0.9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A326DD9B-29E6-4253-8270-B9D85FF0E8AF",
                     versionEndIncluding: "2.0.6",
                     versionStartIncluding: "2.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.",
      },
      {
         lang: "es",
         value: "lxc-user-nic en Linux Containers (LXC) permite a usuarios locales con una asignación lxc-usernet crear interfaces de red en el host y elegir el nombre de esas interfaces aprovechando la falta de verificación de propiedad de netns.",
      },
   ],
   id: "CVE-2017-5985",
   lastModified: "2024-11-21T03:28:50.057",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.1,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 3.3,
               baseSeverity: "LOW",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 1.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-03-14T17:59:00.183",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2017/03/09/4",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/96777",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.ubuntu.com/usn/USN-3224-1",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Patch",
         ],
         url: "https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://lists.linuxcontainers.org/pipermail/lxc-devel/2017-March/015535.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2017/03/09/4",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/96777",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.ubuntu.com/usn/USN-3224-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
         ],
         url: "https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://lists.linuxcontainers.org/pipermail/lxc-devel/2017-March/015535.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-862",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-02-11 19:29
Modified
2024-11-21 04:45
Summary
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
References
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html Mailing List, Third Party Advisory
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html Mailing List, Third Party Advisory
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html Mailing List, Third Party Advisory
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html Mailing List, Third Party Advisory
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html Mailing List, Third Party Advisory
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html Mailing List, Third Party Advisory
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html Mailing List, Third Party Advisory
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html Mailing List, Third Party Advisory
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html Mailing List, Third Party Advisory
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html Mailing List, Third Party Advisory
cve@mitre.org http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html Exploit, Third Party Advisory, VDB Entry
cve@mitre.org http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html Third Party Advisory, VDB Entry
cve@mitre.org http://www.openwall.com/lists/oss-security/2019/03/23/1 Mailing List, Third Party Advisory
cve@mitre.org http://www.openwall.com/lists/oss-security/2019/06/28/2 Mailing List, Third Party Advisory
cve@mitre.org http://www.openwall.com/lists/oss-security/2019/07/06/3 Mailing List, Third Party Advisory
cve@mitre.org http://www.openwall.com/lists/oss-security/2019/07/06/4 Mailing List, Third Party Advisory
cve@mitre.org http://www.openwall.com/lists/oss-security/2019/10/24/1 Mailing List, Third Party Advisory
cve@mitre.org http://www.openwall.com/lists/oss-security/2019/10/29/3 Mailing List, Third Party Advisory
cve@mitre.org http://www.openwall.com/lists/oss-security/2024/01/31/6
cve@mitre.org http://www.openwall.com/lists/oss-security/2024/02/01/1
cve@mitre.org http://www.openwall.com/lists/oss-security/2024/02/02/3
cve@mitre.org http://www.securityfocus.com/bid/106976 Third Party Advisory, VDB Entry
cve@mitre.org https://access.redhat.com/errata/RHSA-2019:0303 Third Party Advisory
cve@mitre.org https://access.redhat.com/errata/RHSA-2019:0304 Third Party Advisory
cve@mitre.org https://access.redhat.com/errata/RHSA-2019:0401 Third Party Advisory
cve@mitre.org https://access.redhat.com/errata/RHSA-2019:0408 Third Party Advisory
cve@mitre.org https://access.redhat.com/errata/RHSA-2019:0975 Third Party Advisory
cve@mitre.org https://access.redhat.com/security/cve/cve-2019-5736 Third Party Advisory
cve@mitre.org https://access.redhat.com/security/vulnerabilities/runcescape Third Party Advisory
cve@mitre.org https://aws.amazon.com/security/security-bulletins/AWS-2019-002/ Third Party Advisory
cve@mitre.org https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/ Patch, Third Party Advisory, Vendor Advisory
cve@mitre.org https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/ Patch, Third Party Advisory, Vendor Advisory
cve@mitre.org https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html Exploit, Mitigation, Third Party Advisory
cve@mitre.org https://brauner.github.io/2019/02/12/privileged-containers.html Exploit, Technical Description, Third Party Advisory
cve@mitre.org https://bugzilla.suse.com/show_bug.cgi?id=1121967 Issue Tracking, Patch, Third Party Advisory
cve@mitre.org https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc Third Party Advisory
cve@mitre.org https://github.com/Frichetten/CVE-2019-5736-PoC Exploit, Third Party Advisory
cve@mitre.org https://github.com/docker/docker-ce/releases/tag/v18.09.2 Release Notes, Third Party Advisory
cve@mitre.org https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b Patch, Third Party Advisory
cve@mitre.org https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d Patch, Third Party Advisory
cve@mitre.org https://github.com/q3k/cve-2019-5736-poc Exploit, Third Party Advisory
cve@mitre.org https://github.com/rancher/runc-cve Third Party Advisory
cve@mitre.org https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/ Third Party Advisory
cve@mitre.org https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E
cve@mitre.org https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E
cve@mitre.org https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E
cve@mitre.org https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E
cve@mitre.org https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E
cve@mitre.org https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E
cve@mitre.org https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/
cve@mitre.org https://security.gentoo.org/glsa/202003-21 Third Party Advisory
cve@mitre.org https://security.netapp.com/advisory/ntap-20190307-0008/ Third Party Advisory
cve@mitre.org https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944 Third Party Advisory
cve@mitre.org https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us Permissions Required
cve@mitre.org https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003 Exploit, Patch, Third Party Advisory
cve@mitre.orghttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runcThird Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4048-1/Third Party Advisory
cve@mitre.orghttps://www.exploit-db.com/exploits/46359/Exploit, Third Party Advisory, VDB Entry
cve@mitre.orghttps://www.exploit-db.com/exploits/46369/Exploit, Third Party Advisory, VDB Entry
cve@mitre.orghttps://www.openwall.com/lists/oss-security/2019/02/11/2Mailing List, Patch, Third Party Advisory
cve@mitre.orghttps://www.synology.com/security/advisory/Synology_SA_19_06Third Party Advisory
cve@mitre.orghttps://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html | Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2019/03/23/1 | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2019/06/28/2 | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2019/07/06/3 | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2019/07/06/4 | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2019/10/24/1 | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2019/10/29/3 | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2024/01/31/6
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2024/02/01/1
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2024/02/02/3
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106976 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:0303 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:0304 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:0401 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:0408 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:0975 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/cve-2019-5736 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/vulnerabilities/runcescape | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://aws.amazon.com/security/security-bulletins/AWS-2019-002/ | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/ | Patch, Third Party Advisory, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/ | Patch, Third Party Advisory, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html | Exploit, Mitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://brauner.github.io/2019/02/12/privileged-containers.html | Exploit, Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.suse.com/show_bug.cgi?id=1121967 | Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Frichetten/CVE-2019-5736-PoC | Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/docker/docker-ce/releases/tag/v18.09.2 | Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b | Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d | Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/q3k/cve-2019-5736-poc | Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/rancher/runc-cve | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/ | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202003-21 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20190307-0008/ | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us | Permissions Required
af854a3a-2127-422b-91ae-364da2661108 | https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003 | Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4048-1/ | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/46359/ | Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/46369/ | Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2019/02/11/2 | Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://www.synology.com/security/advisory/Synology_SA_19_06 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/ | Third Party Advisory



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A367C4FA-18DF-402F-B120-254B35F73BD1",
                     versionEndExcluding: "18.09.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D522E8C1-E7F0-4A3D-AF68-6D962944A0E5",
                     versionEndIncluding: "0.1.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "949172CC-EBB5-47F6-B987-207C802EED0F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "F6D87B50-2849-4F4D-A0F9-4F7EBA3C2647",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "3E580E25-F94C-4DA4-8718-15D5F1C3ADAF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc4:*:*:*:*:*:*",
                     matchCriteriaId: "FD565CE0-D9E9-4FD9-8998-8AC55030FAB7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc5:*:*:*:*:*:*",
                     matchCriteriaId: "093326B1-448C-4E3B-886D-CAC8B6813BFF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxfoundation:runc:1.0.0:rc6:*:*:*:*:*:*",
                     matchCriteriaId: "F672C421-789D-4F21-B483-DA3EB251BA1D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:container_development_kit:3.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "48FAFDE5-1E73-4874-8F2E-3C74B1955096",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "785C0A0D-5FF3-43D5-B89F-DCB2D6FDE310",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "E9955945-7509-4542-BF83-B7BA0B4D8D05",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "A52F7AE1-754D-4EE1-8EC1-7765292B4C2D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openshift:3.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "55349BC5-90EC-4954-8CEB-3C37D34742C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:google:kubernetes_engine:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C2EB454-D0C9-47FC-B727-1D61A8811967",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1AF77BB2-6F7A-408A-9F54-60F1F53B3709",
                     versionEndExcluding: "3.2.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:hp:onesphere:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "41FF9E5A-7BD1-477E-9875-8525FD87B13F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A3C19813-E823-456A-B1CE-EC0684CE1953",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CA0695E0-954A-4533-9D93-58257E9EA6D5",
                     versionEndExcluding: "1.4.3",
                     versionStartIncluding: "1.4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B51B8DF0-FCE4-42A7-A582-0476226C6188",
                     versionEndExcluding: "1.5.3",
                     versionStartIncluding: "1.5.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "01878119-E05A-469B-B49D-5D19082CED28",
                     versionEndExcluding: "1.6.2",
                     versionStartIncluding: "1.6.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:mesos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1AB1BB7C-46A1-4676-9D15-D75EC1E4594C",
                     versionEndExcluding: "1.7.2",
                     versionStartIncluding: "1.7.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*",
                     matchCriteriaId: "D83DA865-E4A6-4FBF-AA1B-A969EBA6B2AD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "40513095-7E6E-46B3-B604-C926F1BA3568",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:d2iq:kubernetes_engine:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "632B24FA-F2D6-42B0-87C7-7F142E15EFC7",
                     versionEndExcluding: "2.2.0-1.13.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:d2iq:dc\\/os:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0AD20FA7-737F-47C0-B2AC-735438253AA9",
                     versionEndExcluding: "1.10.10",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:d2iq:dc\\/os:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5E5AE03E-3AC4-4439-9D0D-45E097B2552C",
                     versionEndExcluding: "1.11.9",
                     versionStartIncluding: "1.10.11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:d2iq:dc\\/os:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E2F3078E-08E0-4C76-A7A3-A93B953BEDD5",
                     versionEndExcluding: "1.12.1",
                     versionStartIncluding: "1.11.10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "07C312A0-CD2C-4B9C-B064-6409B25C278F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
                     matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:microfocus:service_management_automation:2018.02:*:*:*:*:*:*:*",
                     matchCriteriaId: "2DCFB2E7-D769-4365-9B99-952907563749",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microfocus:service_management_automation:2018.05:*:*:*:*:*:*:*",
                     matchCriteriaId: "3909E337-F1FC-45C8-A120-EEBDBFB0E4D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microfocus:service_management_automation:2018.08:*:*:*:*:*:*:*",
                     matchCriteriaId: "934D6CB3-E159-40F4-8E5B-CDDDD824CAA0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:microfocus:service_management_automation:2018.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "82C0FD9D-6117-40DE-9386-7327867F9615",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.",
      },
      {
         lang: "es",
         value: "runc, hasta la versión 1.0-rc6, tal y como se emplea en Docker, en versiones anteriores a la 18.09.2 y otros productos, permite que los atacantes sobrescriban el binario del host runc (y, así, obtengan acceso root al host) aprovechando la capacidad para ejecutar un comando como root con uno de estos tipos de contenedores: (1) un nuevo contenedor con una imagen controlada por el atacante o (2) un contenedor existente, para el cual el atacante contaba previamente con acceso de escritura, que puede adjuntarse con docker exec. Esto ocurre debido a la gestión incorrecta del descriptor de archivos; esto está relacionado con /proc/self/exe.",
      },
   ],
   id: "CVE-2019-5736",
   lastModified: "2024-11-21T04:45:24.603",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 9.3,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 8.6,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-02-11T19:29:00.297",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2019/03/23/1",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2019/06/28/2",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2019/07/06/3",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2019/07/06/4",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2019/10/24/1",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2019/10/29/3",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.openwall.com/lists/oss-security/2024/01/31/6",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.openwall.com/lists/oss-security/2024/02/01/1",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.openwall.com/lists/oss-security/2024/02/02/3",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/106976",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2019:0303",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2019:0304",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2019:0401",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2019:0408",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2019:0975",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/cve-2019-5736",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/vulnerabilities/runcescape",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://aws.amazon.com/security/security-bulletins/AWS-2019-002/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
            "Vendor Advisory",
         ],
         url: "https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
            "Vendor Advisory",
         ],
         url: "https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Mitigation",
            "Third Party Advisory",
         ],
         url: "https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Technical Description",
            "Third Party Advisory",
         ],
         url: "https://brauner.github.io/2019/02/12/privileged-containers.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.suse.com/show_bug.cgi?id=1121967",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/Frichetten/CVE-2019-5736-PoC",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/docker/docker-ce/releases/tag/v18.09.2",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/q3k/cve-2019-5736-poc",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/rancher/runc-cve",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202003-21",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20190307-0008/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Permissions Required",
         ],
         url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4048-1/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.exploit-db.com/exploits/46359/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.exploit-db.com/exploits/46369/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.openwall.com/lists/oss-security/2019/02/11/2",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.synology.com/security/advisory/Synology_SA_19_06",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2019/03/23/1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2019/06/28/2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2019/07/06/3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2019/07/06/4",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2019/10/24/1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2019/10/29/3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2024/01/31/6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2024/02/01/1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2024/02/02/3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/106976",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2019:0303",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2019:0304",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2019:0401",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2019:0408",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2019:0975",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/cve-2019-5736",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/vulnerabilities/runcescape",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://aws.amazon.com/security/security-bulletins/AWS-2019-002/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
            "Vendor Advisory",
         ],
         url: "https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
            "Vendor Advisory",
         ],
         url: "https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Mitigation",
            "Third Party Advisory",
         ],
         url: "https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Technical Description",
            "Third Party Advisory",
         ],
         url: "https://brauner.github.io/2019/02/12/privileged-containers.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.suse.com/show_bug.cgi?id=1121967",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/Frichetten/CVE-2019-5736-PoC",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/docker/docker-ce/releases/tag/v18.09.2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/q3k/cve-2019-5736-poc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/rancher/runc-cve",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202003-21",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20190307-0008/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
         ],
         url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4048-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.exploit-db.com/exploits/46359/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.exploit-db.com/exploits/46369/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.openwall.com/lists/oss-security/2019/02/11/2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.synology.com/security/advisory/Synology_SA_19_06",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-08-10 15:29
Modified
2024-11-21 04:10
Summary
lxc-user-nic, when asked to delete a network interface, will unconditionally open a user-provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC 2.0 versions from 2.0.9 onward, and 3.0 versions from 3.0.0 up to, but not including, 3.0.2. (The CPE match data in this record instead lists 2.0.0 through 2.0.9 inclusive for the 2.0 series, so confirm the affected range against the vendor advisory before relying on automated version matching.)
References
security@ubuntu.com | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html | Mailing List, Third Party Advisory
security@ubuntu.com | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00076.html | Mailing List, Third Party Advisory
security@ubuntu.com | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html | Mailing List, Third Party Advisory
security@ubuntu.com | http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html
security@ubuntu.com | https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591 | Issue Tracking, Third Party Advisory
security@ubuntu.com | https://bugzilla.suse.com/show_bug.cgi?id=988348 | Issue Tracking, Patch
security@ubuntu.com | https://security.gentoo.org/glsa/201808-02 | Third Party Advisory
security@ubuntu.com | https://usn.ubuntu.com/usn/usn-3730-1 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00076.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html | Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591 | Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.suse.com/show_bug.cgi?id=988348 | Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201808-02 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/usn/usn-3730-1 | Third Party Advisory



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6930BFF7-B9DE-4C00-9417-01142E02D009",
                     versionEndIncluding: "2.0.9",
                     versionStartIncluding: "2.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:linuxcontainers:lxc:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5618B173-83E7-4BFC-8AE8-22D6CDA7EB3A",
                     versionEndExcluding: "3.0.2",
                     versionStartIncluding: "3.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:suse:caas_platform:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "44BF9D66-26B1-4BEA-BFA1-9115D06F0C06",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:suse:caas_platform:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "85D9542F-8D5A-430B-9804-B8170E067CCE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:suse:openstack_cloud:6:*:*:*:*:*:*:*",
                     matchCriteriaId: "53945BEC-81F5-44F8-8035-7A4E5E2DA5B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:*:*:ltss:*:*:*",
                     matchCriteriaId: "657C3582-75D1-4724-921C-FD4325D6D1D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp4:*:*:*:*:*:*",
                     matchCriteriaId: "41E76620-EC14-4D2B-828F-53F26DEA5DDC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.",
      },
      {
         lang: "es",
         value: "Cuando se solicita a lxc-user-nic que elimine una interfaz de red, abrirá de forma incondicional una ruta proporcionada por el usuario. Esta ruta de código podría ser empleada por un usuario sin privilegios para comprobar la existencia de una ruta que no hubiese podido alcanzar de otra forma. También podría emplearse para desencadenar efectos secundarios provocando la apertura (solo lectura) de archivos especiales del kernel (ptmx, proc, sys). Los productos afectados son LXC: desde la versión 2.0 hasta después de la 2.0.9 (incluida) y desde la versión 3.0 hasta después de la 3.0.0, anterior a la 3.0.2.",
      },
   ],
   id: "CVE-2018-6556",
   lastModified: "2024-11-21T04:10:53.970",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.1,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 3.3,
               baseSeverity: "LOW",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 1.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-08-10T15:29:01.297",
   references: [
      {
         source: "security@ubuntu.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html",
      },
      {
         source: "security@ubuntu.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00076.html",
      },
      {
         source: "security@ubuntu.com",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html",
      },
      {
         source: "security@ubuntu.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html",
      },
      {
         source: "security@ubuntu.com",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591",
      },
      {
         source: "security@ubuntu.com",
         tags: [
            "Issue Tracking",
            "Patch",
         ],
         url: "https://bugzilla.suse.com/show_bug.cgi?id=988348",
      },
      {
         source: "security@ubuntu.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/201808-02",
      },
      {
         source: "security@ubuntu.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/usn/usn-3730-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00076.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
         ],
         url: "https://bugzilla.suse.com/show_bug.cgi?id=988348",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/201808-02",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/usn/usn-3730-1",
      },
   ],
   sourceIdentifier: "security@ubuntu.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-417",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

cve-2015-1335
Vulnerability from cvelistv5
Published
2015-10-01 20:00
Modified
2024-08-06 04:40
Severity ?
Summary
lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T04:40:18.564Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "FEDORA-2015-9f8f4b182a",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170045.html",
               },
               {
                  name: "[lxc-devel] 20150929 LXC security issue - affects all supported releases",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.linuxcontainers.org/pipermail/lxc-devel/2015-September/012434.html",
               },
               {
                  name: "DSA-3400",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2015/dsa-3400",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
               },
               {
                  name: "76894",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/76894",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be",
               },
               {
                  name: "[oss-security] 20150929 Security issue in LXC (CVE-2015-1335)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2015/09/29/4",
               },
               {
                  name: "USN-2753-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2753-1",
               },
               {
                  name: "FEDORA-2015-211974138f",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171358.html",
               },
               {
                  name: "FEDORA-2015-ebfe46536f",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171364.html",
               },
               {
                  name: "openSUSE-SU-2015:1717",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2015-10/msg00023.html",
               },
               {
                  name: "openSUSE-SU-2019:1481",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-09-29T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-05-31T20:06:03",
            orgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            shortName: "canonical",
         },
         references: [
            {
               name: "FEDORA-2015-9f8f4b182a",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170045.html",
            },
            {
               name: "[lxc-devel] 20150929 LXC security issue - affects all supported releases",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.linuxcontainers.org/pipermail/lxc-devel/2015-September/012434.html",
            },
            {
               name: "DSA-3400",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2015/dsa-3400",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
            },
            {
               name: "76894",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/76894",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be",
            },
            {
               name: "[oss-security] 20150929 Security issue in LXC (CVE-2015-1335)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2015/09/29/4",
            },
            {
               name: "USN-2753-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2753-1",
            },
            {
               name: "FEDORA-2015-211974138f",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171358.html",
            },
            {
               name: "FEDORA-2015-ebfe46536f",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171364.html",
            },
            {
               name: "openSUSE-SU-2015:1717",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2015-10/msg00023.html",
            },
            {
               name: "openSUSE-SU-2019:1481",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@ubuntu.com",
               ID: "CVE-2015-1335",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "FEDORA-2015-9f8f4b182a",
                     refsource: "FEDORA",
                     url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170045.html",
                  },
                  {
                     name: "[lxc-devel] 20150929 LXC security issue - affects all supported releases",
                     refsource: "MLIST",
                     url: "https://lists.linuxcontainers.org/pipermail/lxc-devel/2015-September/012434.html",
                  },
                  {
                     name: "DSA-3400",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2015/dsa-3400",
                  },
                  {
                     name: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662",
                     refsource: "CONFIRM",
                     url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
                  },
                  {
                     name: "76894",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/76894",
                  },
                  {
                     name: "https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be",
                     refsource: "CONFIRM",
                     url: "https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be",
                  },
                  {
                     name: "[oss-security] 20150929 Security issue in LXC (CVE-2015-1335)",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2015/09/29/4",
                  },
                  {
                     name: "USN-2753-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2753-1",
                  },
                  {
                     name: "FEDORA-2015-211974138f",
                     refsource: "FEDORA",
                     url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171358.html",
                  },
                  {
                     name: "FEDORA-2015-ebfe46536f",
                     refsource: "FEDORA",
                     url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171364.html",
                  },
                  {
                     name: "openSUSE-SU-2015:1717",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-updates/2015-10/msg00023.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1481",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc",
      assignerShortName: "canonical",
      cveId: "CVE-2015-1335",
      datePublished: "2015-10-01T20:00:00",
      dateReserved: "2015-01-22T00:00:00",
      dateUpdated: "2024-08-06T04:40:18.564Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-8649
Vulnerability from cvelistv5
Published
2017-05-01 06:08
Modified
2024-08-06 02:27
Severity ?
Summary
lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls.
Impacted products
Vendor Product Version
n/a LXC before 1.0.9 and 2.x before 2.0.6 Version: LXC before 1.0.9 and 2.x before 2.0.6


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T02:27:41.373Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1398242",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1639345",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/lxc/lxc/commit/81f466d05f2a89cb4f122ef7f593ff3f279b165c",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845465",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security-tracker.debian.org/tracker/CVE-2016-8649",
               },
               {
                  name: "94498",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/94498",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "LXC before 1.0.9 and 2.x before 2.0.6",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "LXC before 1.0.9 and 2.x before 2.0.6",
                  },
               ],
            },
         ],
         datePublic: "2017-05-01T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "container bypass",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-05-01T06:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1398242",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1639345",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/lxc/lxc/commit/81f466d05f2a89cb4f122ef7f593ff3f279b165c",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845465",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security-tracker.debian.org/tracker/CVE-2016-8649",
            },
            {
               name: "94498",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/94498",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-8649",
      datePublished: "2017-05-01T06:08:00",
      dateReserved: "2016-10-12T00:00:00",
      dateUpdated: "2024-08-06T02:27:41.373Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-5736
Vulnerability from cvelistv5
Published
2019-02-11 00:00
Modified
2024-08-04 20:01
Severity ?
Summary
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
References
https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d
https://access.redhat.com/errata/RHSA-2019:0408vendor-advisory
https://github.com/rancher/runc-cve
https://access.redhat.com/errata/RHSA-2019:0401vendor-advisory
https://github.com/docker/docker-ce/releases/tag/v18.09.2
https://www.synology.com/security/advisory/Synology_SA_19_06
https://security.netapp.com/advisory/ntap-20190307-0008/
https://access.redhat.com/errata/RHSA-2019:0303vendor-advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runcvendor-advisory
https://github.com/q3k/cve-2019-5736-poc
https://www.exploit-db.com/exploits/46359/exploit
https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b
https://aws.amazon.com/security/security-bulletins/AWS-2019-002/
https://www.openwall.com/lists/oss-security/2019/02/11/2
https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/
https://access.redhat.com/security/cve/cve-2019-5736
https://www.exploit-db.com/exploits/46369/exploit
https://access.redhat.com/errata/RHSA-2019:0304vendor-advisory
https://github.com/Frichetten/CVE-2019-5736-PoC
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us
https://brauner.github.io/2019/02/12/privileged-containers.html
https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/
https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc
http://www.securityfocus.com/bid/106976vdb-entry
https://access.redhat.com/security/vulnerabilities/runcescape
https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html
https://bugzilla.suse.com/show_bug.cgi?id=1121967
https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3Emailing-list
https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3Emailing-list
http://www.openwall.com/lists/oss-security/2019/03/23/1mailing-list
https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.htmlvendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.htmlvendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/vendor-advisory
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944
https://access.redhat.com/errata/RHSA-2019:0975vendor-advisory
https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/
https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/
https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E mailing-list
https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E mailing-list
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html vendor-advisory
http://www.openwall.com/lists/oss-security/2019/06/28/2 mailing-list
http://www.openwall.com/lists/oss-security/2019/07/06/3 mailing-list
http://www.openwall.com/lists/oss-security/2019/07/06/4 mailing-list
https://usn.ubuntu.com/4048-1/ vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/ vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/ vendor-advisory
https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E mailing-list
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html vendor-advisory
http://www.openwall.com/lists/oss-security/2019/10/24/1 mailing-list
http://www.openwall.com/lists/oss-security/2019/10/29/3 mailing-list
https://security.gentoo.org/glsa/202003-21 vendor-advisory
https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E mailing-list
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E mailing-list
http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html
http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html
http://www.openwall.com/lists/oss-security/2024/01/31/6 mailing-list
http://www.openwall.com/lists/oss-security/2024/02/01/1 mailing-list
http://www.openwall.com/lists/oss-security/2024/02/02/3 mailing-list
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:01:52.208Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d",
               },
               {
                  name: "RHSA-2019:0408",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:0408",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/rancher/runc-cve",
               },
               {
                  name: "RHSA-2019:0401",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:0401",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/docker/docker-ce/releases/tag/v18.09.2",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.synology.com/security/advisory/Synology_SA_19_06",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20190307-0008/",
               },
               {
                  name: "RHSA-2019:0303",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:0303",
               },
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/q3k/cve-2019-5736-poc",
               },
               {
                  name: "46359",
                  tags: [
                     "exploit",
                     "x_transferred",
                  ],
                  url: "https://www.exploit-db.com/exploits/46359/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://aws.amazon.com/security/security-bulletins/AWS-2019-002/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.openwall.com/lists/oss-security/2019/02/11/2",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/security/cve/cve-2019-5736",
               },
               {
                  name: "46369",
                  tags: [
                     "exploit",
                     "x_transferred",
                  ],
                  url: "https://www.exploit-db.com/exploits/46369/",
               },
               {
                  name: "RHSA-2019:0304",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:0304",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/Frichetten/CVE-2019-5736-PoC",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://brauner.github.io/2019/02/12/privileged-containers.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc",
               },
               {
                  name: "106976",
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/106976",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/security/vulnerabilities/runcescape",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.suse.com/show_bug.cgi?id=1121967",
               },
               {
                  name: "[mesos-dev] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E",
               },
               {
                  name: "[mesos-user] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E",
               },
               {
                  name: "[oss-security] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2019/03/23/1",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003",
               },
               {
                  name: "openSUSE-SU-2019:1079",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html",
               },
               {
                  name: "openSUSE-SU-2019:1227",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html",
               },
               {
                  name: "openSUSE-SU-2019:1275",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html",
               },
               {
                  name: "FEDORA-2019-bc70b381ad",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/",
               },
               {
                  name: "FEDORA-2019-6174b47003",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944",
               },
               {
                  name: "RHSA-2019:0975",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:0975",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/",
               },
               {
                  name: "[dlab-dev] 20190524 [jira] [Created] (DLAB-723) Runc vulnerability CVE-2019-5736",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E",
               },
               {
                  name: "[dlab-dev] 20190524 [jira] [Updated] (DLAB-723) Runc vulnerability CVE-2019-5736",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E",
               },
               {
                  name: "openSUSE-SU-2019:1444",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html",
               },
               {
                  name: "openSUSE-SU-2019:1481",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html",
               },
               {
                  name: "openSUSE-SU-2019:1499",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html",
               },
               {
                  name: "openSUSE-SU-2019:1506",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html",
               },
               {
                  name: "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2019/06/28/2",
               },
               {
                  name: "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2019/07/06/3",
               },
               {
                  name: "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2019/07/06/4",
               },
               {
                  name: "USN-4048-1",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4048-1/",
               },
               {
                  name: "openSUSE-SU-2019:2021",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html",
               },
               {
                  name: "FEDORA-2019-2baa1f7b19",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/",
               },
               {
                  name: "FEDORA-2019-c1dac1b3b8",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/",
               },
               {
                  name: "[dlab-dev] 20190923 [jira] [Assigned] (DLAB-723) Runc vulnerability CVE-2019-5736",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E",
               },
               {
                  name: "openSUSE-SU-2019:2245",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html",
               },
               {
                  name: "openSUSE-SU-2019:2286",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html",
               },
               {
                  name: "[oss-security] 20191023 Membership application for linux-distros - VMware",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2019/10/24/1",
               },
               {
                  name: "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2019/10/29/3",
               },
               {
                  name: "GLSA-202003-21",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202003-21",
               },
               {
                  name: "[dlab-dev] 20200525 [jira] [Deleted] (DLAB-723) Runc vulnerability CVE-2019-5736",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E",
               },
               {
                  name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html",
               },
               {
                  name: "[oss-security] 20240201 runc: CVE-2024-21626: high severity container breakout attack",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2024/01/31/6",
               },
               {
                  name: "[oss-security] 20240201 Re: runc: CVE-2024-21626: high severity container breakout attack",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2024/02/01/1",
               },
               {
                  name: "[oss-security] 20240202 Re: Re: runc: CVE-2024-21626: high severity container breakout attack",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2024/02/02/3",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2019-02-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-02-02T12:06:25.591627",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d",
            },
            {
               name: "RHSA-2019:0408",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:0408",
            },
            {
               url: "https://github.com/rancher/runc-cve",
            },
            {
               name: "RHSA-2019:0401",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:0401",
            },
            {
               url: "https://github.com/docker/docker-ce/releases/tag/v18.09.2",
            },
            {
               url: "https://www.synology.com/security/advisory/Synology_SA_19_06",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20190307-0008/",
            },
            {
               name: "RHSA-2019:0303",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:0303",
            },
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc",
            },
            {
               url: "https://github.com/q3k/cve-2019-5736-poc",
            },
            {
               name: "46359",
               tags: [
                  "exploit",
               ],
               url: "https://www.exploit-db.com/exploits/46359/",
            },
            {
               url: "https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b",
            },
            {
               url: "https://aws.amazon.com/security/security-bulletins/AWS-2019-002/",
            },
            {
               url: "https://www.openwall.com/lists/oss-security/2019/02/11/2",
            },
            {
               url: "https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/",
            },
            {
               url: "https://access.redhat.com/security/cve/cve-2019-5736",
            },
            {
               name: "46369",
               tags: [
                  "exploit",
               ],
               url: "https://www.exploit-db.com/exploits/46369/",
            },
            {
               name: "RHSA-2019:0304",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:0304",
            },
            {
               url: "https://github.com/Frichetten/CVE-2019-5736-PoC",
            },
            {
               url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us",
            },
            {
               url: "https://brauner.github.io/2019/02/12/privileged-containers.html",
            },
            {
               url: "https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/",
            },
            {
               url: "https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc",
            },
            {
               name: "106976",
               tags: [
                  "vdb-entry",
               ],
               url: "http://www.securityfocus.com/bid/106976",
            },
            {
               url: "https://access.redhat.com/security/vulnerabilities/runcescape",
            },
            {
               url: "https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html",
            },
            {
               url: "https://bugzilla.suse.com/show_bug.cgi?id=1121967",
            },
            {
               name: "[mesos-dev] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E",
            },
            {
               name: "[mesos-user] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706%40%3Cuser.mesos.apache.org%3E",
            },
            {
               name: "[oss-security] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2019/03/23/1",
            },
            {
               url: "https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003",
            },
            {
               name: "openSUSE-SU-2019:1079",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html",
            },
            {
               name: "openSUSE-SU-2019:1227",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html",
            },
            {
               name: "openSUSE-SU-2019:1275",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html",
            },
            {
               name: "FEDORA-2019-bc70b381ad",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/",
            },
            {
               name: "FEDORA-2019-6174b47003",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/",
            },
            {
               url: "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944",
            },
            {
               name: "RHSA-2019:0975",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:0975",
            },
            {
               url: "https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/",
            },
            {
               url: "https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/",
            },
            {
               name: "[dlab-dev] 20190524 [jira] [Created] (DLAB-723) Runc vulnerability CVE-2019-5736",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e%40%3Cdev.dlab.apache.org%3E",
            },
            {
               name: "[dlab-dev] 20190524 [jira] [Updated] (DLAB-723) Runc vulnerability CVE-2019-5736",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46%40%3Cdev.dlab.apache.org%3E",
            },
            {
               name: "openSUSE-SU-2019:1444",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html",
            },
            {
               name: "openSUSE-SU-2019:1481",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html",
            },
            {
               name: "openSUSE-SU-2019:1499",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html",
            },
            {
               name: "openSUSE-SU-2019:1506",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html",
            },
            {
               name: "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2019/06/28/2",
            },
            {
               name: "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2019/07/06/3",
            },
            {
               name: "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2019/07/06/4",
            },
            {
               name: "USN-4048-1",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://usn.ubuntu.com/4048-1/",
            },
            {
               name: "openSUSE-SU-2019:2021",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html",
            },
            {
               name: "FEDORA-2019-2baa1f7b19",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/",
            },
            {
               name: "FEDORA-2019-c1dac1b3b8",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/",
            },
            {
               name: "[dlab-dev] 20190923 [jira] [Assigned] (DLAB-723) Runc vulnerability CVE-2019-5736",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3%40%3Cdev.dlab.apache.org%3E",
            },
            {
               name: "openSUSE-SU-2019:2245",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html",
            },
            {
               name: "openSUSE-SU-2019:2286",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html",
            },
            {
               name: "[oss-security] 20191023 Membership application for linux-distros - VMware",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2019/10/24/1",
            },
            {
               name: "[oss-security] 20191029 Re: Membership application for linux-distros - VMware",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2019/10/29/3",
            },
            {
               name: "GLSA-202003-21",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202003-21",
            },
            {
               name: "[dlab-dev] 20200525 [jira] [Deleted] (DLAB-723) Runc vulnerability CVE-2019-5736",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587%40%3Cdev.dlab.apache.org%3E",
            },
            {
               name: "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E",
            },
            {
               url: "http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html",
            },
            {
               url: "http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html",
            },
            {
               name: "[oss-security] 20240201 runc: CVE-2024-21626: high severity container breakout attack",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2024/01/31/6",
            },
            {
               name: "[oss-security] 20240201 Re: runc: CVE-2024-21626: high severity container breakout attack",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2024/02/01/1",
            },
            {
               name: "[oss-security] 20240202 Re: Re: runc: CVE-2024-21626: high severity container breakout attack",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2024/02/02/3",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-5736",
      datePublished: "2019-02-11T00:00:00",
      dateReserved: "2019-01-08T00:00:00",
      dateUpdated: "2024-08-04T20:01:52.208Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-6441
Vulnerability from cvelistv5
Published
2014-02-14 15:00
Modified
2024-08-06 17:39
Severity ?
Summary
The lxc-sshd template (templates/lxc-sshd.in) in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T17:39:01.387Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "USN-2104-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2104-1",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugs.launchpad.net/ubuntu/%2Bsource/lxc/%2Bbug/1261045",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/lxc/lxc/commit/f4d5cc8e1f39d132b61e110674528cac727ae0e2",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/dotcloud/lxc/pull/1",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-02-12T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The lxc-sshd template (templates/lxc-sshd.in) in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2014-02-14T14:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "USN-2104-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2104-1",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugs.launchpad.net/ubuntu/%2Bsource/lxc/%2Bbug/1261045",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/lxc/lxc/commit/f4d5cc8e1f39d132b61e110674528cac727ae0e2",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/dotcloud/lxc/pull/1",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2013-6441",
      datePublished: "2014-02-14T15:00:00",
      dateReserved: "2013-11-04T00:00:00",
      dateUpdated: "2024-08-06T17:39:01.387Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-5985
Vulnerability from cvelistv5
Published
2017-03-14 17:00
Modified
2024-08-05 15:18
Severity ?
Summary
lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T15:18:49.414Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[lxc-devel] 20170309 Security fix for CVE-2017-5985 (lxc-user-nic)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.linuxcontainers.org/pipermail/lxc-devel/2017-March/015535.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9",
               },
               {
                  name: "96777",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/96777",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676",
               },
               {
                  name: "USN-3224-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3224-1",
               },
               {
                  name: "[oss-security] 20170309 LXC: CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2017/03/09/4",
               },
               {
                  name: "openSUSE-SU-2019:1481",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2017-03-09T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-05-31T20:06:03",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "[lxc-devel] 20170309 Security fix for CVE-2017-5985 (lxc-user-nic)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.linuxcontainers.org/pipermail/lxc-devel/2017-March/015535.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9",
            },
            {
               name: "96777",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/96777",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676",
            },
            {
               name: "USN-3224-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3224-1",
            },
            {
               name: "[oss-security] 20170309 LXC: CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2017/03/09/4",
            },
            {
               name: "openSUSE-SU-2019:1481",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-5985",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[lxc-devel] 20170309 Security fix for CVE-2017-5985 (lxc-user-nic)",
                     refsource: "MLIST",
                     url: "https://lists.linuxcontainers.org/pipermail/lxc-devel/2017-March/015535.html",
                  },
                  {
                     name: "https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9",
                     refsource: "CONFIRM",
                     url: "https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9",
                  },
                  {
                     name: "96777",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/96777",
                  },
                  {
                     name: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676",
                     refsource: "CONFIRM",
                     url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676",
                  },
                  {
                     name: "USN-3224-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-3224-1",
                  },
                  {
                     name: "[oss-security] 20170309 LXC: CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2017/03/09/4",
                  },
                  {
                     name: "openSUSE-SU-2019:1481",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-5985",
      datePublished: "2017-03-14T17:00:00",
      dateReserved: "2017-02-13T00:00:00",
      dateUpdated: "2024-08-05T15:18:49.414Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-47952
Vulnerability from cvelistv5
Published
2023-01-01 00:00
Modified
2024-08-03 15:02
Severity ?
Summary
lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates that a file exists. NOTE: this is different from CVE-2018-6556 because the CVE-2018-6556 fix design was based on the premise that "we will report back to the user that the open() failed but the user has no way of knowing why it failed"; however, in many realistic cases, there are no plausible reasons for failing except that the file does not exist.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T15:02:36.654Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/lxc.spec.in#L274",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/src/lxc/cmd/lxc_user_nic.c#L1085-L1104",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591/comments/45",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/MaherAzzouzi/CVE-2022-47952",
               },
               {
                  name: "[debian-lts-announce] 20230821 [SECURITY] [DLA 3533-1] lxc security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00025.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because \"Failed to open\" often indicates that a file does not exist, whereas \"does not refer to a network namespace path\" often indicates that a file exists. NOTE: this is different from CVE-2018-6556 because the CVE-2018-6556 fix design was based on the premise that \"we will report back to the user that the open() failed but the user has no way of knowing why it failed\"; however, in many realistic cases, there are no plausible reasons for failing except that the file does not exist.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-08-21T22:06:16.179646",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/lxc.spec.in#L274",
            },
            {
               url: "https://github.com/lxc/lxc/blob/0b83d71c2c8f3bac9503f894cd84584f79258bb3/src/lxc/cmd/lxc_user_nic.c#L1085-L1104",
            },
            {
               url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591/comments/45",
            },
            {
               url: "https://github.com/MaherAzzouzi/CVE-2022-47952",
            },
            {
               name: "[debian-lts-announce] 20230821 [SECURITY] [DLA 3533-1] lxc security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00025.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-47952",
      datePublished: "2023-01-01T00:00:00",
      dateReserved: "2022-12-24T00:00:00",
      dateUpdated: "2024-08-03T15:02:36.654Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-1331
Vulnerability from cvelistv5
Published
2015-08-12 14:00
Modified
2024-08-06 04:40
Severity ?
Summary
lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T04:40:18.356Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "DSA-3317",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2015/dsa-3317",
               },
               {
                  name: "75999",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/75999",
               },
               {
                  name: "USN-2675-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2675-1",
               },
               {
                  name: "openSUSE-SU-2015:1315",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2015-07/msg00066.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/lxc/lxc/commit/72cf81f6a3404e35028567db2c99a90406e9c6e6",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1470842",
               },
               {
                  name: "openSUSE-SU-2019:1481",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-07-22T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-05-31T20:06:03",
            orgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            shortName: "canonical",
         },
         references: [
            {
               name: "DSA-3317",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2015/dsa-3317",
            },
            {
               name: "75999",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/75999",
            },
            {
               name: "USN-2675-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2675-1",
            },
            {
               name: "openSUSE-SU-2015:1315",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2015-07/msg00066.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/lxc/lxc/commit/72cf81f6a3404e35028567db2c99a90406e9c6e6",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1470842",
            },
            {
               name: "openSUSE-SU-2019:1481",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@ubuntu.com",
               ID: "CVE-2015-1331",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "DSA-3317",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2015/dsa-3317",
                  },
                  {
                     name: "75999",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/75999",
                  },
                  {
                     name: "USN-2675-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2675-1",
                  },
                  {
                     name: "openSUSE-SU-2015:1315",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-updates/2015-07/msg00066.html",
                  },
                  {
                     name: "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html",
                     refsource: "MISC",
                     url: "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html",
                  },
                  {
                     name: "https://github.com/lxc/lxc/commit/72cf81f6a3404e35028567db2c99a90406e9c6e6",
                     refsource: "CONFIRM",
                     url: "https://github.com/lxc/lxc/commit/72cf81f6a3404e35028567db2c99a90406e9c6e6",
                  },
                  {
                     name: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1470842",
                     refsource: "CONFIRM",
                     url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1470842",
                  },
                  {
                     name: "openSUSE-SU-2019:1481",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc",
      assignerShortName: "canonical",
      cveId: "CVE-2015-1331",
      datePublished: "2015-08-12T14:00:00",
      dateReserved: "2015-01-22T00:00:00",
      dateUpdated: "2024-08-06T04:40:18.356Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-18641
Vulnerability from cvelistv5
Published
2020-02-10 00:30
Modified
2024-08-05 21:28
Severity ?
Summary
In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T21:28:55.979Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-02-10T00:30:50",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2017-18641",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447",
                     refsource: "MISC",
                     url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2017-18641",
      datePublished: "2020-02-10T00:30:50",
      dateReserved: "2020-02-10T00:00:00",
      dateUpdated: "2024-08-05T21:28:55.979Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-6556
Vulnerability from cvelistv5
Published
2018-08-10 15:00
Modified
2024-09-17 03:38
Severity ?
Summary
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.
Impacted products
Vendor Product Version
n/a LXC Version: 2.0.9   < 2.0*
Version: 3.0.0   < 3.0* (unaffected from 3.0.2)


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T06:10:10.096Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "USN-3730-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/usn/usn-3730-1",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591",
               },
               {
                  name: "GLSA-201808-02",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201808-02",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.suse.com/show_bug.cgi?id=988348",
               },
               {
                  name: "openSUSE-SU-2019:1227",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html",
               },
               {
                  name: "openSUSE-SU-2019:1230",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00076.html",
               },
               {
                  name: "openSUSE-SU-2019:1275",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html",
               },
               {
                  name: "openSUSE-SU-2019:1481",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "LXC",
               vendor: "n/a",
               versions: [
                  {
                     lessThan: "2.0*",
                     status: "affected",
                     version: "2.0.9",
                     versionType: "custom",
                  },
                  {
                     changes: [
                        {
                           at: "3.0.2",
                           status: "unaffected",
                        },
                     ],
                     lessThan: "3.0*",
                     status: "affected",
                     version: "3.0.0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "Matthias Gerstner from SUSE",
            },
         ],
         datePublic: "2018-08-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Incorrect access control",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-05-31T20:06:03",
            orgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            shortName: "canonical",
         },
         references: [
            {
               name: "USN-3730-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/usn/usn-3730-1",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591",
            },
            {
               name: "GLSA-201808-02",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201808-02",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.suse.com/show_bug.cgi?id=988348",
            },
            {
               name: "openSUSE-SU-2019:1227",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html",
            },
            {
               name: "openSUSE-SU-2019:1230",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00076.html",
            },
            {
               name: "openSUSE-SU-2019:1275",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html",
            },
            {
               name: "openSUSE-SU-2019:1481",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html",
            },
         ],
         source: {
            advisory: "USN-3730-1",
            defect: [
               "1783591",
            ],
            discovery: "EXTERNAL",
         },
         title: "The lxc-user-nic component of LXC allows unprivileged users to open arbitrary files",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@ubuntu.com",
               DATE_PUBLIC: "2018-08-06T16:00:00.000Z",
               ID: "CVE-2018-6556",
               STATE: "PUBLIC",
               TITLE: "The lxc-user-nic component of LXC allows unprivileged users to open arbitrary files",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "LXC",
                                 version: {
                                    version_data: [
                                       {
                                          affected: ">=",
                                          version_affected: ">=",
                                          version_name: "2.0",
                                          version_value: "2.0.9",
                                       },
                                       {
                                          affected: ">=",
                                          version_affected: ">=",
                                          version_name: "3.0",
                                          version_value: "3.0.0",
                                       },
                                       {
                                          affected: "<",
                                          version_affected: "<",
                                          version_name: "3.0",
                                          version_value: "3.0.2",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            credit: [
               {
                  lang: "eng",
                  value: "Matthias Gerstner from SUSE",
               },
            ],
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Incorrect access control",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "USN-3730-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/usn/usn-3730-1",
                  },
                  {
                     name: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591",
                     refsource: "CONFIRM",
                     url: "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591",
                  },
                  {
                     name: "GLSA-201808-02",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201808-02",
                  },
                  {
                     name: "https://bugzilla.suse.com/show_bug.cgi?id=988348",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.suse.com/show_bug.cgi?id=988348",
                  },
                  {
                     name: "openSUSE-SU-2019:1227",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1230",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00076.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1275",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1481",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html",
                  },
               ],
            },
            source: {
               advisory: "USN-3730-1",
               defect: [
                  "1783591",
               ],
               discovery: "EXTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc",
      assignerShortName: "canonical",
      cveId: "CVE-2018-6556",
      datePublished: "2018-08-10T15:00:00Z",
      dateReserved: "2018-02-02T00:00:00",
      dateUpdated: "2024-09-17T03:38:26.856Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-1334
Vulnerability from cvelistv5
Published
2015-08-12 14:00
Modified
2024-08-06 04:40
Severity ?
Summary
attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T04:40:18.464Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "DSA-3317",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2015/dsa-3317",
               },
               {
                  name: "USN-2675-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2675-1",
               },
               {
                  name: "openSUSE-SU-2015:1315",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2015-07/msg00066.html",
               },
               {
                  name: "75998",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/75998",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/lxc/lxc/commit/5c3fcae78b63ac9dd56e36075903921bd9461f9e",
               },
               {
                  name: "openSUSE-SU-2015:1317",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2015-07/msg00067.html",
               },
               {
                  name: "openSUSE-SU-2019:1481",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-07-16T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-05-31T20:06:03",
            orgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            shortName: "canonical",
         },
         references: [
            {
               name: "DSA-3317",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2015/dsa-3317",
            },
            {
               name: "USN-2675-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2675-1",
            },
            {
               name: "openSUSE-SU-2015:1315",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2015-07/msg00066.html",
            },
            {
               name: "75998",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/75998",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/lxc/lxc/commit/5c3fcae78b63ac9dd56e36075903921bd9461f9e",
            },
            {
               name: "openSUSE-SU-2015:1317",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2015-07/msg00067.html",
            },
            {
               name: "openSUSE-SU-2019:1481",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@ubuntu.com",
               ID: "CVE-2015-1334",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "DSA-3317",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2015/dsa-3317",
                  },
                  {
                     name: "USN-2675-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2675-1",
                  },
                  {
                     name: "openSUSE-SU-2015:1315",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-updates/2015-07/msg00066.html",
                  },
                  {
                     name: "75998",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/75998",
                  },
                  {
                     name: "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html",
                     refsource: "MISC",
                     url: "https://service.ait.ac.at/security/2015/LxcSecurityAnalysis.html",
                  },
                  {
                     name: "https://github.com/lxc/lxc/commit/5c3fcae78b63ac9dd56e36075903921bd9461f9e",
                     refsource: "CONFIRM",
                     url: "https://github.com/lxc/lxc/commit/5c3fcae78b63ac9dd56e36075903921bd9461f9e",
                  },
                  {
                     name: "openSUSE-SU-2015:1317",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-updates/2015-07/msg00067.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1481",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc",
      assignerShortName: "canonical",
      cveId: "CVE-2015-1334",
      datePublished: "2015-08-12T14:00:00",
      dateReserved: "2015-01-22T00:00:00",
      dateUpdated: "2024-08-06T04:40:18.464Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-10124
Vulnerability from cvelistv5
Published
2017-01-09 08:48
Modified
2024-08-06 03:14
Severity ?
Summary
An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T03:14:42.026Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2014/12/15/5",
               },
               {
                  name: "95404",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/95404",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2015/09/03/5",
               },
               {
                  name: "GLSA-201711-09",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201711-09",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/lxc/lxc/commit/e986ea3dfa4a2957f71ae9bfaed406dd6e1ffff6",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2017-01-09T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-11-12T10:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.openwall.com/lists/oss-security/2014/12/15/5",
            },
            {
               name: "95404",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/95404",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.openwall.com/lists/oss-security/2015/09/03/5",
            },
            {
               name: "GLSA-201711-09",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201711-09",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/lxc/lxc/commit/e986ea3dfa4a2957f71ae9bfaed406dd6e1ffff6",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2016-10124",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.openwall.com/lists/oss-security/2014/12/15/5",
                     refsource: "MISC",
                     url: "http://www.openwall.com/lists/oss-security/2014/12/15/5",
                  },
                  {
                     name: "95404",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/95404",
                  },
                  {
                     name: "http://www.openwall.com/lists/oss-security/2015/09/03/5",
                     refsource: "MISC",
                     url: "http://www.openwall.com/lists/oss-security/2015/09/03/5",
                  },
                  {
                     name: "GLSA-201711-09",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201711-09",
                  },
                  {
                     name: "https://github.com/lxc/lxc/commit/e986ea3dfa4a2957f71ae9bfaed406dd6e1ffff6",
                     refsource: "CONFIRM",
                     url: "https://github.com/lxc/lxc/commit/e986ea3dfa4a2957f71ae9bfaed406dd6e1ffff6",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2016-10124",
      datePublished: "2017-01-09T08:48:00",
      dateReserved: "2017-01-09T00:00:00",
      dateUpdated: "2024-08-06T03:14:42.026Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}