Vulmon
linuxfoundation runc vulnerabilities and exploits
8.5
CVSSv3
CVE-2021-30465
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on...
Linuxfoundation Runc 1.0.0
Linuxfoundation Runc
Fedoraproject Fedora 33
Fedoraproject Fedora 34
13 Github repositories available
7.8
CVSSv3
CVE-2022-29162
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux...
Linuxfoundation Runc
5
CVSSv3
CVE-2021-43784
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based...
Linuxfoundation Runc
Debian Debian Linux 9.0
7
CVSSv3
CVE-2019-19921
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This...
Linuxfoundation Runc
Linuxfoundation Runc 1.0.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
7.8
CVSSv3
CVE-2016-3697
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container....
Docker Docker
Linuxfoundation Runc
Opensuse Opensuse 13.2
1 Github repository available
5.9
CVSSv3
CVE-2022-24769
Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an...
Mobyproject Moby
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Linuxfoundation Runc
3 Github repositories available
7.5
CVSSv3
CVE-2019-16884
runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory....
Linuxfoundation Runc
Linuxfoundation Runc 1.0.0
Docker Docker
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Opensuse Leap 15.0
Opensuse Leap 15.1
Redhat Openshift Container Platform 4.1
Redhat Openshift Container Platform 4.2
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Eus 8.1
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Tus 8.4
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
10 Github repositories available
8.6
CVSSv3
CVE-2019-5736
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new...
Docker Docker
Linuxfoundation Runc
Linuxfoundation Runc 1.0.0
Redhat Container Development Kit 3.7
Redhat Openshift 3.4
Redhat Openshift 3.5
Redhat Openshift 3.6
Redhat Openshift 3.7
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Server 7.0
Google Kubernetes Engine -
Linuxcontainers Lxc
Hp Onesphere -
Netapp Hci Management Node -
Netapp Solidfire -
Apache Mesos
Opensuse Backports Sle 15.0
Opensuse Leap 15.0
Opensuse Leap 15.1
Opensuse Leap 42.3
D2iq Kubernetes Engine
D2iq Dc/os
Fedoraproject Fedora 30
Fedoraproject Fedora 29
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 19.04
Microfocus Service Management Automation 2018.02
Microfocus Service Management Automation 2018.05
Microfocus Service Management Automation 2018.08
Microfocus Service Management Automation 2018.11
2 EDB exploits available
60 Github repositories available
10 Articles available