
CVE-2016-9962

Date: (C)2017-02-02   (M)2017-11-18 


RunC allowed additional container processes started via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file descriptors of these new processes during initialization, and can lead to container escapes or modification of runC state before the process is fully placed inside the container.

CVSS Score: 4.4
Exploit Score: 3.4
Impact Score: 6.4
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL





Reference:
http://seclists.org/fulldisclosure/2017/Jan/21
http://www.securityfocus.com/archive/1/archive/1/540001/100/0/threaded
BID-95361
FEDORA-2017-0200646669
FEDORA-2017-c2c2d1be16
FEDORA-2017-dbc2b618eb
FEDORA-2017-fcd02e2c2d
GLSA-201701-34
https://access.redhat.com/security/vulnerabilities/cve-2016-9962
https://bugzilla.suse.com/show_bug.cgi?id=1012568#c6
https://github.com/docker/docker/releases/tag/v1.12.6
https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5

CWE    1
CWE-362
OVAL    12
oval:org.secpod.oval:def:1600491
oval:org.secpod.oval:def:111877
oval:org.secpod.oval:def:111883
oval:org.secpod.oval:def:1501741
...
