CVE-2016-9962

low-risk

Published 2017-01-31

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container.

Do I need to act?

0.13% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.4/10 Medium

LOCAL / HIGH complexity

Affected Products (1)

Docker

Affected Vendors

Docker

References (32)

http://rhn.redhat.com/errata/RHSA-2017-0116.html

http://rhn.redhat.com/errata/RHSA-2017-0123.html

http://rhn.redhat.com/errata/RHSA-2017-0127.html

Mailing List http://seclists.org/fulldisclosure/2017/Jan/21

Mailing List http://seclists.org/fulldisclosure/2017/Jan/29

http://www.securityfocus.com/archive/1/540001/100/0/threaded

Third Party Advisory http://www.securityfocus.com/bid/95361

Third Party Advisory https://access.redhat.com/security/vulnerabilities/cve-2016-9962

Issue Tracking https://bugzilla.suse.com/show_bug.cgi?id=1012568#c6

Vendor Advisory https://github.com/docker/docker/releases/tag/v1.12.6

Patch https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde2...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

Third Party Advisory https://security.gentoo.org/glsa/201701-34

http://rhn.redhat.com/errata/RHSA-2017-0116.html

http://rhn.redhat.com/errata/RHSA-2017-0123.html

http://rhn.redhat.com/errata/RHSA-2017-0127.html

Mailing List http://seclists.org/fulldisclosure/2017/Jan/21

and 12 more references

/ 100

low-risk

Severity 17/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal