Executive Summary

Title : Container Privilege Escalation Vulnerability Affecting Cisco Products: February 2019
Name : cisco-sa-20190215-runc
First vendor Publication : 2019-02-15
Vendor : Cisco
Last vendor Modification : 2019-02-15
Severity (Vendor) : N/A
Revision : N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score : NA
Base Score : NA
Environmental Score : NA
Impact SubScore : NA
Temporal Score : NA
Exploitability Sub Score : NA

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score : 9.3
Attack Range : Network
Cvss Impact Score : 10
Attack Complexity : Medium
Cvss Exploit Score : 8.6
Authentication : None Required


A vulnerability in the Open Container Initiative runc CLI tool used by multiple products could allow an unauthenticated, remote attacker to escalate privileges on a targeted system.

The vulnerability exists because the affected software improperly handles file descriptors related to /proc/self/exe. An attacker could exploit the vulnerability either by persuading a user to create a new container using an attacker-controlled image or by using the docker exec command to attach into an existing container that the attacker already has write access to. A successful exploit could allow the attacker to overwrite the host's runc binary file with a malicious file, escape the container, and execute arbitrary commands with root privileges on the host system.

This advisory will be updated as additional information becomes available.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc




Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-216 Containment Errors (Container Errors)

CPE : Common Platform Enumeration

Application 122
Application 610
Application 1
Application 1
Application 1
Application 1
Application 1
Application 8
Application 5
Os 2
Os 1
Os 2
Os 1
Os 1

Snort® IPS/IDS

Date Description
2019-03-19 Multiple products runc arbitrary code execution attempt
RuleID : 49195 - Revision : 2 - Type : SERVER-OTHER

Alert History

Date Information
2019-02-20 12:12:09
  • Multiple Updates
2019-02-15 21:18:26
  • First insertion