The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

computer vulnerability announce CVE-2019-5736

runc: code execution via FS Descriptors Container Escape

Synthesis of the vulnerability

An attacker can use a vulnerability via FS Descriptors Container Escape of runc, in order to run code.
Vulnerable software: Docker CE, Fedora, openSUSE Leap, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Unix (platform) ~ not comprehensive.
Severity of this announce: 2/4.
Consequences of an intrusion: user access/rights.
Attacker's origin: document.
Creation date: 11/02/2019.
Références of this computer vulnerability: CVE-2019-5736, FEDORA-2019-352d4b9cd8, FEDORA-2019-3f19f13ecd, FEDORA-2019-4dc1e39b34, FEDORA-2019-829524f28f, FEDORA-2019-963ea958f9, FEDORA-2019-a5f616808e, FEDORA-2019-df2e68aa6b, FEDORA-2019-f455ef79b8, openSUSE-SU-2019:0170-1, openSUSE-SU-2019:0201-1, openSUSE-SU-2019:0208-1, openSUSE-SU-2019:0252-1, openSUSE-SU-2019:0295-1, openSUSE-SU-2019:1079-1, openSUSE-SU-2019:1227-1, openSUSE-SU-2019:1230-1, RHSA-2019:0303-01, RHSA-2019:0304-01, SSA:2019-043-01, SUSE-SU-2019:0362-1, SUSE-SU-2019:0495-1, SUSE-SU-2019:0573-1, Synology-SA-19:06, VIGILANCE-VUL-28477.

Description of the vulnerability

An attacker can use a vulnerability via FS Descriptors Container Escape of runc, in order to run code.
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides an application vulnerability database. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The technology watch team tracks security threats targeting the computer system. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.