SB2019021506 - Privilege escalation in VMware Integrated OpenStack with Kubernetes and vSphere Integrated Container




Published: February 15, 2019
Updated: January 23, 2023

Security Bulletin ID: SB2019021506
Severity: Medium
Patch available: NO
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Code execution

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Privilege escalation (CVE-ID: CVE-2019-5736)

The vulnerability allows a remote attacker to gain elevated privileges.

The weakness exists in the runc container runtime due to file-descriptor mishandling related to /proc/self/exe. A remote attacker who is able to execute a command as root within one of the following types of containers can overwrite the host runc binary with minimal user interaction and execute arbitrary code with root privileges: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.