exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2019-19921

Status Candidate

Overview

runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)

Related Files

Ubuntu Security Notice USN-6088-2
Posted May 24, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6088-2 - USN-6088-1 fixed vulnerabilities in runC. This update provides the corresponding updates for Ubuntu 16.04 LTS. It was discovered that runC incorrectly performed access control when mounting /proc to non-directories. An attacker could possibly use this issue to escalate privileges. Felix Wilhelm discovered that runC incorrecly handled netlink messages. An attacker could possibly use this issue to escalate privileges.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-19921, CVE-2021-43784, CVE-2022-29162, CVE-2023-25809, CVE-2023-27561, CVE-2023-28642
SHA-256 | 228e4e8430141c4a888658c04e39158326161025cc9773182744d3522bc81a9d
Red Hat Security Advisory 2020-1650-01
Posted Apr 28, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1650-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include an information leakage vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-19921, CVE-2020-1702, CVE-2020-1726
SHA-256 | 00bcc2279b20fb0563db4c21585bf23a93232564ef41551f41d18b9a4341fe3f
Red Hat Security Advisory 2020-1485-01
Posted Apr 20, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-1485-01 - The runC tool is a lightweight, portable implementation of the Open Container Format that provides container runtime. A race condition has been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-19921
SHA-256 | 9f5506eff26e64be425ef07842f106ef66d572420f7dec59990b97953c6afa53
Red Hat Security Advisory 2020-0942-01
Posted Mar 23, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0942-01 - The runC tool is a lightweight, portable implementation of the Open Container Format that provides container runtime. A race condition has been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-19921
SHA-256 | a546335cdeeceb6b8804dfd0cbd426affeca451688b0f8359da23b54f2d297f1
Gentoo Linux Security Advisory 202003-21
Posted Mar 15, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202003-21 - Multiple vulnerabilities have been discovered in runC, the worst of which may lead to privilege escalation. Versions less than 1.0.0_rc10 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2019-16884, CVE-2019-19921, CVE-2019-5736
SHA-256 | b654f470c0bc3ea5e9d17a7e1065315ea14d4f317417da2d5c835cd169d7bb2b
Red Hat Security Advisory 2020-0695-01
Posted Mar 13, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0695-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. A race condition was addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-19921
SHA-256 | 31b7c27fa07d375cf33d93f0066d17ec36f07c785fd4920ad8e8a9b8e5e9f5fb
Red Hat Security Advisory 2020-0688-01
Posted Mar 10, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0688-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. A race condition has been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-19921
SHA-256 | b6a978e16a30622f1ef08edd0d08057edbcb265b8178ca621f34da209a122b86
Ubuntu Security Notice USN-4297-1
Posted Mar 9, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4297-1 - It was discovered that runC incorrectly checked mount targets. An attacker with a malicious container image could possibly mount over the /proc directory and escalate privileges. This issue only affected Ubuntu 18.04 LTS. It was discovered that runC incorrectly performed access control. An attacker could possibly use this issue to escalate privileges. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2019-16884, CVE-2019-19921
SHA-256 | 4c43616d9540099069bfffeca945a4397bc0aedf5dea591e4a09aacf95b0ff9b
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close