SB2019021920 - OpenSUSE Linux update for runc

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019021920

SB2019021920 - OpenSUSE Linux update for runc

Published: February 19, 2019 Updated: January 23, 2023

Security Bulletin ID SB2019021920
Severity
High
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 50% Medium 25% Low 25%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Command injection (CVE-ID: CVE-2018-16873)

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists in the go get command due to import path of a malicious Go package, or a package that imports it directly or indirectly. A remote unauthenticated attacker can use a vanity import path that ends with "/.git", use custom domains to arrange things so that a Git repository is cloned to a folder named ".git", trick the victim into considering the parent directory as a repository root, and run Git commands on it that will use the "config" file in the original Git repository root for its configuration, and if that config file contains malicious commands, and execute arbitrary code on the system running "go get -u".

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


2) Path traversal (CVE-ID: CVE-2018-16874)

The vulnerability allows a remote attacker to conduct a directory traversal attack on the target system.

The vulnerability exists in the go get command due to path traversal attack when the affected software executes the go get command with the import path of a Go package that contains curly braces. A remote unauthenticated attacker can execute the go get command, trick the victim into accessing a Go package that submits malicious input, conduct a directory traversal attack, which the attacker can use to execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


3) Improper input validation (CVE-ID: CVE-2018-16875)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists on Go TLS servers accepting client certificates and TLS clients due to the crypto/x509 package does not limit the amount of work performed for each chain verification. A remote unauthenticated attacker can craft pathological inputs leading to a CPU denial of service.


4) Privilege escalation (CVE-ID: CVE-2019-5736)

The vulnerability allows a remote attacker to gain elevated privileges.

The weakness exists in the runc container runtime due to file-descriptor mishandling, related to /proc/self/exe. A remote attacker can leverage the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec, overwrite the host runc binary with minimal user interaction and execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

References