Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2019-5736

Description

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.

POC

Reference

- http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html

- http://packetstormsecurity.com/files/165197/Docker-runc-Command-Execution-Proof-Of-Concept.html

- https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/

- https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/

- https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html

- https://github.com/Frichetten/CVE-2019-5736-PoC

- https://github.com/q3k/cve-2019-5736-poc

- https://github.com/rancher/runc-cve

- https://hackerone.com/reports/495495

- https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003

- https://usn.ubuntu.com/4048-1/

- https://www.exploit-db.com/exploits/46359/

- https://www.exploit-db.com/exploits/46369/

Github

- https://github.com/0x7n6/OSCP

- https://github.com/0xStrygwyr/OSCP-Guide

- https://github.com/0xT11/CVE-POC

- https://github.com/0xZipp0/OSCP

- https://github.com/0xor0ne/awesome-list

- https://github.com/0xsyr0/OSCP

- https://github.com/20142995/sectool

- https://github.com/43622283/awesome-cloud-native-security

- https://github.com/73mp1/docker_escape

- https://github.com/AMatheusFeitosaM/OSCP-Cheat

- https://github.com/ARPSyndicate/cve-scores

- https://github.com/ARPSyndicate/cvemon

- https://github.com/Alevsk/dvka

- https://github.com/Asbatel/CVE-2019-5736_POC

- https://github.com/BBRathnayaka/POC-CVE-2019-5736

- https://github.com/Billith/CVE-2019-5736-PoC

- https://github.com/Blacloud226/sao

- https://github.com/BurlakaR/tpc

- https://github.com/C2ActiveThreatHunters/Awesome-Docker-Kubernetis-Containers-Vulnerabilities-and-Exploitation

- https://github.com/CVEDB/PoC-List

- https://github.com/CVEDB/awesome-cve-repo

- https://github.com/CVEDB/top

- https://github.com/Challengers-win/Sec-Interview-ai

- https://github.com/ChristineEdgarse/Secrets6

- https://github.com/DataDog/dirtypipe-container-breakout-poc

- https://github.com/DogchampDiego/foran-attack

- https://github.com/ELHADANITAHA/OWASP-JSP-TP

- https://github.com/EnriqueSanchezdelVillar/NotesHck

- https://github.com/EvilAnne/2019-Read-article

- https://github.com/Faizan-Khanx/OSCP

- https://github.com/FishAnonymous/CAShift-Record

- https://github.com/Frichetten/CVE-2019-5736-PoC

- https://github.com/GhostTroops/TOP

- https://github.com/GiverOfGifts/CVE-2019-5736-Custom-Runtime

- https://github.com/H3xL00m/CVE-2019-5736

- https://github.com/HoangLai2k3/CVE_2019_5736

- https://github.com/HuzaifaPatel/houdini

- https://github.com/InesMartins31/iot-cves

- https://github.com/J1ezds/Vulnerability-Wiki-page

- https://github.com/JERRY123S/all-poc

- https://github.com/Jalexander798/JA_Tools-Cybersecurity-Resource-2

- https://github.com/JlSakuya/CVE-2022-0847-container-escape

- https://github.com/JosephJMRG/apache-docker-project

- https://github.com/Keramas/Blowhole

- https://github.com/Laihoang2k3/CVE_2019_5736

- https://github.com/Lee-SungYoung/cve-2019-5736-study

- https://github.com/LouisLiuNova/container-escape-exploits

- https://github.com/Ly0nt4r/OSCP

- https://github.com/Maissacrement/cyber_sec_master_spv

- https://github.com/Malamunza/Nvedia

- https://github.com/Malamunza/update2

- https://github.com/Mecyu/googlecontainers

- https://github.com/Meowmycks/OSCPprep-Cute

- https://github.com/Meowmycks/OSCPprep-Sar

- https://github.com/Meowmycks/OSCPprep-hackme1

- https://github.com/Metarget/awesome-cloud-native-security

- https://github.com/Metarget/cloud-native-security-book

- https://github.com/Metarget/k0otkit

- https://github.com/Metarget/metarget

- https://github.com/MrHyperIon101/docker-security

- https://github.com/N3rdyN3xus/CVE-2019-5736

- https://github.com/NetW0rK1le3r/awesome-hacking-lists

- https://github.com/NyxByt3/CVE-2019-5736

- https://github.com/PercussiveElbow/docker-escape-tool

- https://github.com/PercussiveElbow/docker-security-checklist

- https://github.com/Perimora/cve_2019-5736-PoC

- https://github.com/Petes77/Docker-Security

- https://github.com/Pray3r/cloud-native-security

- https://github.com/PuddinCat/GithubRepoSpider

- https://github.com/RClueX/Hackerone-Reports

- https://github.com/ReflectedThanatos/OSCP-cheatsheet

- https://github.com/Retr0-ll/2023-littleTerm

- https://github.com/Retr0-ll/littleterm

- https://github.com/RyanNgWH/CVE-2019-5736-POC

- https://github.com/SamP10/BetDocker

- https://github.com/SantoriuHen/NotesHck

- https://github.com/SenukDias/OSCP_cheat

- https://github.com/SexyBeast233/SecBooks

- https://github.com/ShadowFl0w/Cloud-Native-Security-Test

- https://github.com/SirElmard/ethical_hacking

- https://github.com/Sp3c73rSh4d0w/CVE-2019-5736

- https://github.com/SunWeb3Sec/Kubernetes-security

- https://github.com/Templroot/docker_escape

- https://github.com/TheWatcherAintThug/docker_escape

- https://github.com/Threekiii/Awesome-POC

- https://github.com/UCloudDoc-Team/uk8s

- https://github.com/UCloudDocs/uk8s

- https://github.com/VishuGahlyan/OSCP

- https://github.com/WatPow/marine-ctf

- https://github.com/XiaomingX/awesome-docker-security

- https://github.com/aakashchauhn/Cloud-Pentest

- https://github.com/adavarski/HomeLab-Proxmox-k8s-DevSecOps-playground

- https://github.com/adavarski/HomeLab-k8s-DevSecOps-playground

- https://github.com/agppp/cve-2019-5736-poc

- https://github.com/aishee/DOCKER-2019-5736

- https://github.com/alenperic/HTB-TheNotebook

- https://github.com/alveensyh/Docker_sec

- https://github.com/anan123jhbjb/project01

- https://github.com/atesemre/awesome-cloud-native-security

- https://github.com/b3d3c/poc-cve-2019-5736

- https://github.com/bachkhoasoft/awesome-list-ks

- https://github.com/bitdefender/vbh_sample

- https://github.com/brant-ruan/awesome-container-escape

- https://github.com/brimstone/stars

- https://github.com/brompwnie/botb

- https://github.com/c0d3cr4f73r/CVE-2019-5736

- https://github.com/cdk-team/CDK

- https://github.com/chosam2/cve-2019-5736-poc

- https://github.com/colin-404/Cloud-Native-Security-Test

- https://github.com/cometkim/awesome-list

- https://github.com/crypticdante/CVE-2019-5736

- https://github.com/cyberanand1337x/bug-bounty-2022

- https://github.com/cyberjoe009/cybertection_server

- https://github.com/czujsnn/docker_security

- https://github.com/dani-santos-code/kubecon_2023_prevent_cluster_takeover

- https://github.com/defgsus/good-github

- https://github.com/developer3000S/PoC-in-GitHub

- https://github.com/e-hakson/OSCP

- https://github.com/eljosep/OSCP-Guide

- https://github.com/epsteina16/Docker-Escape-Miner

- https://github.com/exfilt/CheatSheet

- https://github.com/fahmifj/Docker-breakout-runc

- https://github.com/fazilbaig1/oscp

- https://github.com/fenixsecurelabs/core-nexus

- https://github.com/fkie-cad/nvd-json-data-feeds

- https://github.com/geropl/CVE-2019-5736

- https://github.com/h3x0v3rl0rd/CVE-2019-5736

- https://github.com/h3xcr4ck3r/CVE-2019-5736

- https://github.com/h4ckm310n/Container-Vulnerability-Exploit

- https://github.com/hacking-kubernetes/hacking-kubernetes.info

- https://github.com/hectorgie/PoC-in-GitHub

- https://github.com/heroku/bheu19-attacking-cloud-builds

- https://github.com/hktalent/TOP

- https://github.com/imhunterand/hackerone-publicy-disclosed

- https://github.com/iridium-soda/container-escape-exploits

- https://github.com/jakubkrawczyk/cve-2019-5736

- https://github.com/jas502n/CVE-2019-5736

- https://github.com/jbmihoub/all-poc

- https://github.com/jeansgit/Pentest

- https://github.com/jitmondal1/OSCP

- https://github.com/k4u5h41/CVE-2019-5736

- https://github.com/kaosagnt/ansible-everyday

- https://github.com/kdada/imkira.com

- https://github.com/kgwanjala/oscp-cheatsheet

- https://github.com/khu-capstone-design/kubernetes-vulnerability-investigation

- https://github.com/kindredgroupsec/venom

- https://github.com/kiranjpjk/Penetration-Testing-VMs-and-Web

- https://github.com/likekabin/CVE-2019-5736

- https://github.com/likekabin/cve-2019-5736-poc

- https://github.com/likescam/CVE-2019-5736

- https://github.com/likescam/cve-2019-5736-poc

- https://github.com/lnick2023/nicenice

- https://github.com/loyality7/Awesome-Containers

- https://github.com/lp008/Hack-readme

- https://github.com/m00zh33/bheu19-attacking-cloud-builds

- https://github.com/m4r1k/k8s_5g_lab

- https://github.com/manoelt/50M_CTF_Writeup

- https://github.com/marklindsey11/Docker-Security

- https://github.com/merlinepedra/K0OTKIT

- https://github.com/merlinepedra25/K0OTKIT

- https://github.com/milloni/cve-2019-5736-exp

- https://github.com/mrzzy/govware-2019-demos

- https://github.com/myugan/awesome-docker-security

- https://github.com/n0-traces/cve_monitor

- https://github.com/n3ov4n1sh/CVE-2019-5736

- https://github.com/n3rdh4x0r/CVE-2019-5736

- https://github.com/neargle/my-re0-k8s-security

- https://github.com/neargle/re0-kubernetes-sec-archive

- https://github.com/nitishbadole/oscp-note-3

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/opencontainers-sec/go-containersec

- https://github.com/opencontainers/runc

- https://github.com/orgTestCodacy11KRepos110MB/repo-3574-my-re0-k8s-security

- https://github.com/oscpname/OSCP_cheat

- https://github.com/owen800q/Awesome-Stars

- https://github.com/panzouh/Docker-Runc-Exploit

- https://github.com/parth45/cheatsheet

- https://github.com/paulveillard/cybersecurity-docker-security

- https://github.com/phoenixvlabs/core-nexus

- https://github.com/phxvlabsio/core-nexus

- https://github.com/plzheheplztrying/cve_monitor

- https://github.com/psifertex/ctf-vs-the-real-world

- https://github.com/pu1et/doky

- https://github.com/pyperanger/dockerevil

- https://github.com/q3k/cve-2019-5736-poc

- https://github.com/qazbnm456/awesome-cve-poc

- https://github.com/rancher/runc-cve

- https://github.com/readloud/Awesome-Stars

- https://github.com/reni2study/Cloud-Native-Security2

- https://github.com/revanmalang/OSCP

- https://github.com/runerx/Cloud-Native-Security-Test

- https://github.com/rustymagnet3000/container_playground

- https://github.com/sandbornm/HardenDocker

- https://github.com/saucer-man/exploit

- https://github.com/schoi1337/dockout

- https://github.com/shen54/IT19172088

- https://github.com/si1ent-le/CVE-2019-5736

- https://github.com/sonyavalo/CVE-2019-5736-Dockerattack-and-security-mechanism

- https://github.com/source-xu/docker-vuls

- https://github.com/sourcexu7/docker-vuls

- https://github.com/ssst0n3/docker_archive

- https://github.com/stcirclear/container_escape_detection

- https://github.com/stillan00b/CVE-2019-5736

- https://github.com/taielab/awesome-hacking-lists

- https://github.com/takumak/cve-2019-5736-reproducer

- https://github.com/tanjiti/sec_profile

- https://github.com/tbc957/k8s

- https://github.com/tmawalt12528a/eggshell1

- https://github.com/tonybreak/CDK_bak

- https://github.com/twistlock/RunC-CVE-2019-5736

- https://github.com/twistlock/whoc

- https://github.com/txuswashere/OSCP

- https://github.com/txuswashere/Web-Pentesting

- https://github.com/veritas501/pipe-primitive

- https://github.com/vinci-3000/Cloud-Native-Security-Test

- https://github.com/waqeen/cyber_security21

- https://github.com/weeka10/-hktalent-TOP

- https://github.com/wenxi-3000/Cloud-Native-Security-Test

- https://github.com/xbl2022/awesome-hacking-lists

- https://github.com/xbl3/awesome-cve-poc_qazbnm456

- https://github.com/xhref/OSCP

- https://github.com/y0shimitsugh0st84/ecape

- https://github.com/y0shimitsugh0st84/kap

- https://github.com/yyqs2008/CVE-2019-5736-PoC-2

- https://github.com/zhonghual1206/biyi-sealidentify

- https://github.com/zyriuse75/CVE-2019-5736-PoC