CVE-2016-9962

MEDIUM

Docker 1.11.0-1.12.5 and runC < 1.0.0-rc3 - Container Escape via Process Tracing Race Condition

Title source: llm
STIX 2.1

Description

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container.

References (16)

Core 16
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/95361
Vendor Advisory x_refsource_confirm
https://github.com/docker/docker/releases/tag/v1.12.6
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-0116.html
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2017/Jan/29
Issue Tracking x_refsource_confirm
https://bugzilla.suse.com/show_bug.cgi?id=1012568#c6
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201701-34
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-0123.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-0127.html
Third Party Advisory x_refsource_confirm
https://access.redhat.com/security/vulnerabilities/cve-2016-9962
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/540001/100/0/threaded
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2017/Jan/21

Scores

CVSS v3 6.4
EPSS 0.0036
EPSS Percentile 27.5%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-362
Status published
Products (2)
docker/docker 1.11.0 - 1.12.6
opencontainers/runc 0 - 1.0.0-rc3Go
Published Jan 31, 2017
Tracked Since Feb 18, 2026