SB20200611152 - openEuler 20.03 LTS update for lxc-4.0.1-2020052701




Published: June 11, 2020

Security Bulletin ID: SB20200611152
Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Code execution

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Privilege escalation (CVE-ID: CVE-2019-5736)

The vulnerability allows a remote attacker to gain elevated privileges.

The weakness exists in the runc container runtime due to file-descriptor mishandling related to /proc/self/exe. A remote attacker who can execute a command as root within one of the following types of containers can overwrite the host runc binary with minimal user interaction and execute arbitrary code with root privileges: (1) a new container with an attacker-controlled image, or (2) an existing container to which the attacker previously had write access and that can be attached with docker exec.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install the update from the vendor's website.