
CVE-2016-9962
Date: (C)2017-02-02   (M)2018-05-05


RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container.

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score: 6.4
Exploit Score: 0.5
Impact Score: 5.9

CVSS V3 Metrics:
Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

CVSS V2 Severity:
CVSS Score: 4.4
Exploit Score: 3.4
Impact Score: 6.4

CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
http://seclists.org/fulldisclosure/2017/Jan/21
http://www.securityfocus.com/archive/1/archive/1/540001/100/0/threaded
BID-95361
FEDORA-2017-0200646669
FEDORA-2017-c2c2d1be16
FEDORA-2017-dbc2b618eb
FEDORA-2017-fcd02e2c2d
GLSA-201701-34
RHSA-2017:0116
RHSA-2017:0123
RHSA-2017:0127
https://access.redhat.com/security/vulnerabilities/cve-2016-9962
https://bugzilla.suse.com/show_bug.cgi?id=1012568#c6
https://github.com/docker/docker/releases/tag/v1.12.6
https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5

CPE    9
cpe:/a:docker:docker:1.12.3
cpe:/a:docker:docker:1.12.2
cpe:/a:docker:docker:1.12.5
cpe:/a:docker:docker:1.12.4
...
CWE    1
CWE-362
OVAL    13
oval:org.secpod.oval:def:42573
oval:org.secpod.oval:def:502164
oval:org.secpod.oval:def:502179
oval:org.secpod.oval:def:502180
...

© SecPod Technologies