#VU12804 Race condition in RunC - CVE-2016-9962


| Updated: 2020-07-15

Vulnerability identifier: #VU12804

Vulnerability risk: Low

CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/U:Clear]

CVE-ID: CVE-2016-9962

CWE-ID: CWE-362

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
RunC
Web applications / Remote management & hosting panels

Vendor: Docker Inc.

Description
The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to allowing additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container. A local attacker can execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation
Install update from vendor's website.

Vulnerable software versions

RunC: 1.12.6

External links
https://github.com/moby/moby/releases/tag/v1.12.6

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.


Latest bulletins with this vulnerability


Arch Linux update for runc
Fedora 25 update for runc
Fedora 25 update for runc
Fedora 25 update for runc
Fedora 24 update for runc
Red Hat update for runc
Red Hat update for docker-latest
Arch Linux update for docker
Race condition in docker (Alpine package)
Gentoo update for runC