CVE

CVE-2016-9962
Date: (C) 2017-02-02   (M) 2018-02-19


RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container.

CVSS V3 Severity:
CVSS Score: 6.4
Exploit Score: 0.5
Impact Score: 5.9

CVSS V2 Severity:
CVSS Score: 4.4
Exploit Score: 3.4
Impact Score: 6.4

CVSS V3 Metrics:
Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  





Reference:
http://seclists.org/fulldisclosure/2017/Jan/21
http://www.securityfocus.com/archive/1/archive/1/540001/100/0/threaded
BID-95361
FEDORA-2017-0200646669
FEDORA-2017-c2c2d1be16
FEDORA-2017-dbc2b618eb
FEDORA-2017-fcd02e2c2d
GLSA-201701-34
RHSA-2017:0116
RHSA-2017:0123
RHSA-2017:0127
https://access.redhat.com/security/vulnerabilities/cve-2016-9962
https://bugzilla.suse.com/show_bug.cgi?id=1012568#c6
https://github.com/docker/docker/releases/tag/v1.12.6
https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5

CPE    9
cpe:/a:docker:docker:1.11.1
cpe:/a:docker:docker:1.12.3
cpe:/a:docker:docker:1.12.2
cpe:/a:docker:docker:1.12.5
...
CWE    1
CWE-362
OVAL    12
oval:org.secpod.oval:def:1600491
oval:org.secpod.oval:def:111877
oval:org.secpod.oval:def:111883
oval:org.secpod.oval:def:1501741
...

© 2013 SecPod Technologies