News Docker Container Escape Vulnerability With PoC (CVE-2019-5736)

Containers on Docker were discovered to have a dangerous vulnerability, designated CVE-2019-5736, which could potentially endanger multiple industries. It was first discovered by a Polish researcher named Adam Iwaniuk. They found they could use the vulnerability to break out of the sandbox and gain root access to host servers. By using the processes inside a container or a Docker image, they were able to execute code at admin level.

The attack works as follows: the attacker overwrites a binary in the container with a symbolic link, so that when that binary is run (for example through exec), the link resolves back to the executing binary itself. The attacker can then use a file descriptor to overwrite that file. The overwrite only succeeds once the runC process exits, because the binary cannot be overwritten while it is running.

According to some reviews, this vulnerability could also endanger the maritime industry. Before the tech and inter-connectivity boom the industry was practically out of sight, but as more and more industries become connected to the internet, the maritime industry is now in danger of being targeted. This is especially frightening, as the modern economy of most developed nations depends heavily on maritime trade.

As of the writing of this article, the vulnerability in the runC platform has been patched.

   Original article can be found here.

  That was the news folks, have a good week, and stay safe out there.

01001001 00100000 01000001 01001101 00100000 01011010 01001111 01000100 01001001 01000001 01000011
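
The attack described in the post ends with the runC binary on the host being overwritten in place, so a change in that binary's digest is something a host can check for. The Python below is an added example, not part of the original post or of runC; the binary path, the baseline file and all function names are assumptions.

```python
# Added example: integrity check for a container runtime binary on the host.
# Paths passed in (binary, baseline file) are assumptions, not from the post.
import hashlib
import json
import os
import stat
import sys

FIELDS = ("path", "sha256", "size", "mode", "uid")


def fingerprint(path):
    """Digest and metadata of the file behind path (symlinks resolved)."""
    real = os.path.realpath(path)
    st = os.stat(real)
    digest = hashlib.sha256()
    with open(real, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return {"path": real, "sha256": digest.hexdigest(), "size": st.st_size,
            "mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid}


def save_baseline(path, baseline_file):
    """Record the known-good state, e.g. right after a package update."""
    with open(baseline_file, "w") as fh:
        json.dump(fingerprint(path), fh)


def verify(path, baseline_file):
    """Return a list of findings; an empty list means no deviation."""
    with open(baseline_file) as fh:
        base = json.load(fh)
    now = fingerprint(path)
    findings = [f"{k} changed: {base[k]!r} -> {now[k]!r}"
                for k in FIELDS if now[k] != base[k]]
    # An in-place overwrite can keep size and mode, so the digest is the
    # decisive field; a group/world-writable binary is reported on its own.
    if now["mode"] & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("binary is group- or world-writable")
    return findings


if __name__ == "__main__":
    # Usage: check.py save|verify <runtime-binary> <baseline.json>
    action, binary, baseline = sys.argv[1:4]
    if action == "save":
        save_baseline(binary, baseline)
    else:
        problems = verify(binary, baseline)
        print("\n".join(problems) or "OK")
        sys.exit(1 if problems else 0)
```

Keep the baseline file somewhere the host's root user cannot silently rewrite it (another machine or read-only media), since a successful escape gives root on the host.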
