CVE-2016-9962
Description
RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2016-9962
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2016-9962.html
Vendor advisory: cve@mitre.org — https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5
Vendor advisory: cve@mitre.org — https://github.com/docker/docker/releases/tag/v1.12.6
Vendor advisory: arch — https://security.archlinux.org/ASA-201701-19
Vendor advisory: arch — https://security.archlinux.org/ASA-201805-11
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | affected | | |
| arch | fixed | 1.0.0rc5+19+g69663f0b-1 | |
| debian | bookworm | fixed | 1.13.1~ds1-2 |
| debian | bullseye | fixed | 1.13.1~ds1-2 |
| debian | forky | fixed | 1.13.1~ds1-2 |
| debian | sid | fixed | 1.13.1~ds1-2 |
| debian | trixie | fixed | 1.13.1~ds1-2 |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Go | github.com/opencontainers/runc | <1.0.0-rc3 | 1.0.0-rc3 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| docker | docker | {"startIncluding":"1.11.0","endExcluding":"1.12.6"} | 1.12.6 |
References
- https://security.archlinux.org/ASA-201805-11
- https://security.archlinux.org/ASA-201701-19
- http://rhn.redhat.com/errata/RHSA-2017-0116.html
- http://rhn.redhat.com/errata/RHSA-2017-0123.html
- http://rhn.redhat.com/errata/RHSA-2017-0127.html
- http://seclists.org/fulldisclosure/2017/Jan/21
- http://seclists.org/fulldisclosure/2017/Jan/29
- http://www.securityfocus.com/archive/1/540001/100/0/threaded
- http://www.securityfocus.com/bid/95361
- https://access.redhat.com/security/vulnerabilities/cve-2016-9962
- https://bugzilla.suse.com/show_bug.cgi?id=1012568#c6
- https://github.com/docker/docker/releases/tag/v1.12.6
- https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQAXJMMLRU7DD2IMG47SR2K4BOFFG7FZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FINGBFMIXBG6B6ZWYH3TMRP5V3PDBNXR/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UVM7FCOQMPKOFLDTUYSS4ES76DDM56VP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WUQ3MQNEL5IBZZLMLR72Q4YDCL2SCKRK/
- https://security.gentoo.org/glsa/201701-34
- https://www.suse.com/security/cve/CVE-2016-9962.html
- https://security-tracker.debian.org/tracker/CVE-2016-9962
- https://nvd.nist.gov/vuln/detail/CVE-2016-9962
- https://github.com/opencontainers/runc/commit/5d93fed3d27f1e2bab58bad13b180a7a81d0b378
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQAXJMMLRU7DD2IMG47SR2K4BOFFG7FZ
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FINGBFMIXBG6B6ZWYH3TMRP5V3PDBNXR
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVM7FCOQMPKOFLDTUYSS4ES76DDM56VP
CWEs
CWE-362
Verify integrity in audit chain (admin only). AS-IS.