CVE-2019-5736: runC container breakout
Open Container Initiative
The vulnerability allows a malicious container to (with minimal user interaction) overwrite the host runc binary and thus gain root-level code execution on the host. The level of user interaction is being able to run any command (it doesn’t matter if the command is not attacker-controlled) as root within a container in either of these contexts:
* Creating a new container using an attacker-controlled image.
* Attaching (docker exec) into an existing container which the attacker had previous write access to.
This vulnerability is *not* blocked by the default AppArmor policy, nor by the default SELinux policy on Fedora[++] (because container processes appear to be running as container_runtime_t). However, it *is* blocked through correct use of user namespaces (where the host root is not mapped into the container’s user namespace).
NOTE: The Garden-runC implementation used in Pivotal Application Service is not impacted by this vulnerability because it leverages unprivileged containers and user namespaces. Garden has consumed the upstream fix in version v1.18.2 to ensure all redundant security controls remain functional.
Pivotal Application Service (PAS) depends on Garden-runC in versions 2.2, 2.3 and 2.4 and on BPM in versions 2.3 and 2.4.
Affected VMware Products and Versions
Severity is high unless otherwise noted.
- All versions prior to 4.2.3
- Concourse for PCF
- 3.13 versions using garden-runc versions prior to v1.18.2
- 4.2 versions 4.2.3
- Pivotal Container Service (PKS)
- 1.2 versions versions prior to 1.2.10
- 1.3 versions versions prior to 1.3.3
- Pivotal Application Service (PAS)
- 2.2 versions (fix release in progress)
- 2.3 versions (fix release in progress)
- 2.4 versions (fix release in progress)
Users of affected versions should apply the following mitigation:
- Releases that have fixed this issue include:
- Concourse: 4.2.3
- Concourse for PCF: 3.13.0 (using Garden-runC v1.18.2 or later), 4.2.3
- Pivotal Container Service (PKS): 1.2.10, 1.3.3
2019-02-22: Added Concourse fixed versions; Updated PKS fixed versions due to Docker update in 18.06.3-ce
2019-02-15: Added PKS fixed versions
2019-02-13: Initial vulnerability report published