JPCERT-AT-2019-0007 JPCERT/CC 2019-02-14 <<< JPCERT/CC Alert 2019-02-14 >>> Alert Regarding Privilege Escalation Vulnerability (CVE-2019-5736) in runc https://www.jpcert.or.jp/english/at/2019/at190007.html I. Overview On February 12, 2019 (local time), a vulnerability (CVE-2019-5736) in runc used by Docker containers, etc. has been disclosed. When a user executes a specially crafted container exploiting this vulnerability, the runc binary on the host is unintentionally overwritten. As a result, an arbitrary command may be executed with root privilege on the host on which the container is running. Since confirmed that Proof-of-Concept code for this vulnerability has been made public, JPCERT/CC is releasing the advisory again as a Security Alerts. II. Affected Products The following versions are affected by this vulnerability: - runc 1.0-rc6 and earlier The affected versions for each distributor are as follows. - Ubuntu : runc versions prior to 1.0.0~rc4+dfsg1-6ubuntu0.18.10.1 - Debian : runc versions prior to 0.1.1+dfsg1-2 - RedHat Enterprise Linux : docker versions prior to 1.13.1-91.git07f3374.el7 - Amazon Linux : docker versions prior to 18.06.1ce-7.25.amzn1.x86_64 - Docker : docker versions prior to 18.09.2 * Other container services using runc may also be affected by this vulnerability. For the impact of this vulnerability, please check the information on the provider of the container service you are using. III. Solution Please update to the latest version by referring to the information provided by each distributor. - Ubuntu : runc 1.0.0~rc4+dfsg1-6ubuntu0.18.10.1 - Debian : runc 0.1.1+dfsg1-2 - RedHat Enterprise Linux : docker 1.13.1-91.git07f3374.el7 - Amazon Linux : docker 18.06.1ce-7.25.amzn1.x86_64 - Docker : docker 18.09.2 * As for users of other distributor, please pay attention to the information from each distributor. IV. References MITRE CVE-2019-5736 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736 Openwall CVE-2019-5736: runc container breakout (all versions) https://www.openwall.com/lists/oss-security/2019/02/11/2 Github (Docker) docker/docker-ce Release https://github.com/docker/docker-ce/releases/tag/v18.09.2 AWS Container Security Issue (CVE-2019-5736) https://aws.amazon.com/jp/security/security-bulletins/AWS-2019-002/ Github (Azure) AKS 2019-02-12 - Hotfix Release https://github.com/Azure/AKS/releases/tag/2019-02-12 Kubernetes Runc and CVE-2019-5736 https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/ Ubuntu CVE-2019-5736 in Ubuntu https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-5736.html Redhat runc - Malicious container escape - CVE-2019-5736 https://access.redhat.com/security/vulnerabilities/runcescape JPCERT/CC Regarding Privilege Escalation Vulnerability (CVE-2019-5736) in runc used by Docker, etc. (JAPANESE) https://www.jpcert.or.jp/newsflash/2019021201.html If you have any information regarding this alert, please contact JPCERT/CC. ====================================================================== JPCERT Coordination Center (JPCERT/CC) MAIL: info@jpcert.or.jp TEL: +81-3-6271-8901 FAX: +81-3-6271-8908 https://www.jpcert.or.jp/english/