Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2019-14271

Description

In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.

POC

Reference

No PoCs from references.

Github

- https://github.com/ARPSyndicate/cvemon

- https://github.com/HoangLai2k3/CVE_2019_14271

- https://github.com/HuzaifaPatel/houdini

- https://github.com/J1ezds/Vulnerability-Wiki-page

- https://github.com/JosephJMRG/apache-docker-project

- https://github.com/Laihoang2k3/CVE_2019_14271

- https://github.com/LouisLiuNova/CVE-2019-14271_Exploit

- https://github.com/LouisLiuNova/container-escape-exploits

- https://github.com/Metarget/cloud-native-security-book

- https://github.com/Metarget/metarget

- https://github.com/PercussiveElbow/docker-escape-tool

- https://github.com/PercussiveElbow/docker-security-checklist

- https://github.com/SexyBeast233/SecBooks

- https://github.com/ShadowFl0w/Cloud-Native-Security-Test

- https://github.com/SugarP1g/LearningSecurity

- https://github.com/SunWeb3Sec/Kubernetes-security

- https://github.com/Threekiii/Awesome-POC

- https://github.com/adavarski/HomeLab-Proxmox-k8s-DevSecOps-playground

- https://github.com/adavarski/HomeLab-k8s-DevSecOps-playground

- https://github.com/alphaSeclab/sec-daily-2019

- https://github.com/brant-ruan/awesome-container-escape

- https://github.com/chrisguest75/docker_build_examples

- https://github.com/chrisguest75/docker_examples

- https://github.com/colin-404/Cloud-Native-Security-Test

- https://github.com/h4ckm310n/Container-Vulnerability-Exploit

- https://github.com/heroku/bheu19-attacking-cloud-builds

- https://github.com/hktalent/bug-bounty

- https://github.com/iridium-soda/CVE-2019-14271_Exploit

- https://github.com/iridium-soda/container-escape-exploits

- https://github.com/m00zh33/bheu19-attacking-cloud-builds

- https://github.com/reph0r/poc-exp

- https://github.com/reph0r/poc-exp-tools

- https://github.com/runerx/Cloud-Native-Security-Test

- https://github.com/srey942/Sreyas_Naaraayanan-Ramanathan-ecc-dssb-IS21-code-challenge-req101408

- https://github.com/ssst0n3/docker_archive

- https://github.com/vinci-3000/Cloud-Native-Security-Test

- https://github.com/wenxi-3000/Cloud-Native-Security-Test

- https://github.com/y0shimitsugh0st84/ecape

- https://github.com/y0shimitsugh0st84/kap