CVE-2019-5736
- Reference to the description:
- Description:
- runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
- Last updated date:
- 02/02/2024
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 02/12/2019
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 02/13/2019
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 02/14/2019
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 02/15/2019
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 02/20/2019
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 12/12/2019
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 06/26/2020
- Reference url to background
https://github.com/feexd/pocs/blob/master/CVE-2019-5736/exploit.c
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 06/30/2021
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 07/01/2021
- Reference url to background
https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 07/01/2021
- Reference url to background
https://brauner.github.io/2019/02/12/privileged-containers.html
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 07/01/2021
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 07/01/2021
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 07/01/2021
- Reference url to background
https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 07/01/2021
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 07/01/2021
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 12/16/2021
- Reference url to background
http://packetstormsecurity.com/files/163339/Docker-Container-Escape.html