[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Privilege escaltion vulnerablity in libcontainer/user/user.go in runC via a numeric username in the password file in a container

ID: oval:org.secpod.oval:def:42584Date: (C)2017-10-27   (M)2022-09-23
Class: VULNERABILITYFamily: unix




libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.

Platform:
Debian 9.x
Product:
runc
Reference:
CVE-2016-3697
CVE    1
CVE-2016-3697
CPE    2
cpe:/a:runc:runc
cpe:/o:debian:debian_linux:9.x

© SecPod Technologies