CVE · Published 2019-02-11 · 1 article on news · 7 live references · NVD data

CVE-2019-5736

Vulnerability data via CVEDB (Shodan)

CVSS v3.1: 8.6 (HIGH)

EPSS percentile: 100 (Exploit Prediction Scoring System · top 0% of all CVEs)

Description

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.

Timeline
Published 2019-02-11

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
