CVE-2019-5736 PoC — Docker 操作系统命令注入漏洞

Source

https://github.com/milloni/cve-2019-5736-exp

Associated Vulnerability

Title:Docker 操作系统命令注入漏洞 (CVE-2019-5736)
Description:runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.

Description

Exploit for the CVE-2019-5736 runc vulnerability

Readme

# cve-2019-5736-exp

This is a proof-of-concept (PoC) exploit for the CVE-2019-5736 vulnerability in
runc, the runtime used in Docker.

## Disclaimer

I undertook this project as an exercise, for educational reasons and for fun.
It should go without saying that I do not support unethical and/or illegal
misuse of this code.

## Description

The vulnerability was discovered by [Adam Iwaniuk] and [Borys Popławski] and
described in this [blog post][ds]. Thanks for the great research!

[Adam Iwaniuk]: https://twitter.com/adam_iwaniuk
[Borys Popławski]: https://twitter.com/boryspop
[ds]: https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html

## Usage

To build a malicious container:

```
docker build .
```

Running this container will cause the runc binary to be overwritten with the
contents of the `payload` file, i.e.

```
docker run <image_id>
```

Next time runc is executed (e.g when a different container is run), the host
will execute your payload.

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!