{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-01-10T00:00:00", "descriptions": [{"lang": "en", "value": "RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container.  This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "95361", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/95361"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/docker/docker/releases/tag/v1.12.6"}, {"name": "RHSA-2017:0116", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0116.html"}, {"name": "20170111 Re: [oss-security] Docker 1.12.6 - Security Advisory", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2017/Jan/29"}, {"name": "FEDORA-2017-fcd02e2c2d", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WUQ3MQNEL5IBZZLMLR72Q4YDCL2SCKRK/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1012568#c6"}, {"name": "GLSA-201701-34", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201701-34"}, {"name": "RHSA-2017:0123", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0123.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5"}, {"name": "RHSA-2017:0127", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0127.html"}, {"name": "FEDORA-2017-c2c2d1be16", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FINGBFMIXBG6B6ZWYH3TMRP5V3PDBNXR/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://access.redhat.com/security/vulnerabilities/cve-2016-9962"}, {"name": "FEDORA-2017-dbc2b618eb", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQAXJMMLRU7DD2IMG47SR2K4BOFFG7FZ/"}, {"name": "FEDORA-2017-0200646669", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UVM7FCOQMPKOFLDTUYSS4ES76DDM56VP/"}, {"name": "20170111 Re: [oss-security] Docker 1.12.6 - Security Advisory", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/540001/100/0/threaded"}, {"name": "20170110 Docker 1.12.6 - Security Advisory", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2017/Jan/21"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-9962", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container.  This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "95361", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95361"}, {"name": "https://github.com/docker/docker/releases/tag/v1.12.6", "refsource": "CONFIRM", "url": "https://github.com/docker/docker/releases/tag/v1.12.6"}, {"name": "RHSA-2017:0116", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0116.html"}, {"name": "20170111 Re: [oss-security] Docker 1.12.6 - Security Advisory", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2017/Jan/29"}, {"name": "FEDORA-2017-fcd02e2c2d", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WUQ3MQNEL5IBZZLMLR72Q4YDCL2SCKRK/"}, {"name": "https://bugzilla.suse.com/show_bug.cgi?id=1012568#c6", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1012568#c6"}, {"name": "GLSA-201701-34", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-34"}, {"name": "RHSA-2017:0123", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0123.html"}, {"name": "https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5", "refsource": "CONFIRM", "url": "https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5"}, {"name": "RHSA-2017:0127", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0127.html"}, {"name": "FEDORA-2017-c2c2d1be16", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FINGBFMIXBG6B6ZWYH3TMRP5V3PDBNXR/"}, {"name": "https://access.redhat.com/security/vulnerabilities/cve-2016-9962", "refsource": "CONFIRM", "url": "https://access.redhat.com/security/vulnerabilities/cve-2016-9962"}, {"name": "FEDORA-2017-dbc2b618eb", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQAXJMMLRU7DD2IMG47SR2K4BOFFG7FZ/"}, {"name": "FEDORA-2017-0200646669", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVM7FCOQMPKOFLDTUYSS4ES76DDM56VP/"}, {"name": "20170111 Re: [oss-security] Docker 1.12.6 - Security Advisory", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/540001/100/0/threaded"}, {"name": "20170110 Docker 1.12.6 - Security Advisory", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2017/Jan/21"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T03:07:31.309Z"}, "title": "CVE Program Container", "references": [{"name": "95361", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/95361"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/docker/docker/releases/tag/v1.12.6"}, {"name": "RHSA-2017:0116", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0116.html"}, {"name": "20170111 Re: [oss-security] Docker 1.12.6 - Security Advisory", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2017/Jan/29"}, {"name": "FEDORA-2017-fcd02e2c2d", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WUQ3MQNEL5IBZZLMLR72Q4YDCL2SCKRK/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1012568#c6"}, {"name": "GLSA-201701-34", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201701-34"}, {"name": "RHSA-2017:0123", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0123.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5"}, {"name": "RHSA-2017:0127", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0127.html"}, {"name": "FEDORA-2017-c2c2d1be16", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FINGBFMIXBG6B6ZWYH3TMRP5V3PDBNXR/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://access.redhat.com/security/vulnerabilities/cve-2016-9962"}, {"name": "FEDORA-2017-dbc2b618eb", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQAXJMMLRU7DD2IMG47SR2K4BOFFG7FZ/"}, {"name": "FEDORA-2017-0200646669", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UVM7FCOQMPKOFLDTUYSS4ES76DDM56VP/"}, {"name": "20170111 Re: [oss-security] Docker 1.12.6 - Security Advisory", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/540001/100/0/threaded"}, {"name": "20170110 Docker 1.12.6 - Security Advisory", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2017/Jan/21"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-9962", "datePublished": "2017-01-31T22:00:00", "dateReserved": "2016-12-15T00:00:00", "dateUpdated": "2024-08-06T03:07:31.309Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*", "matchCriteriaId": "53E74F64-38C7-4907-9C6F-954CE37CEF24", "versionEndExcluding": "1.12.6", "versionStartIncluding": "1.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container.  This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container."}, {"lang": "es", "value": "RunC permiti\u00f3 procesos de contenedores adicionales a trav\u00e9s de 'runc exec' para ser ptraced por el pid 1 del contenedor. Esto permite a los principales procesos del contenedor, si se ejecutan como root, obtener acceso a los descriptores de archivo de estos nuevos procesos durante la inicializaci\u00f3n y puede conducir a escapes de contenedores o modificaci\u00f3n del estado de runC antes de que el proceso sea totalmente ubicado dentro del contenedor."}], "id": "CVE-2016-9962", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-01-31T22:59:01.783", "references": [{"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2017-0116.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2017-0123.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2017-0127.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2017/Jan/21"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2017/Jan/29"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/540001/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95361"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/vulnerabilities/cve-2016-9962"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1012568#c6"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://github.com/docker/docker/releases/tag/v1.12.6"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQAXJMMLRU7DD2IMG47SR2K4BOFFG7FZ/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FINGBFMIXBG6B6ZWYH3TMRP5V3PDBNXR/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UVM7FCOQMPKOFLDTUYSS4ES76DDM56VP/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WUQ3MQNEL5IBZZLMLR72Q4YDCL2SCKRK/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201701-34"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0116.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0123.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0127.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2017/Jan/21"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2017/Jan/29"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/540001/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95361"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/vulnerabilities/cve-2016-9962"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1012568#c6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/docker/docker/releases/tag/v1.12.6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQAXJMMLRU7DD2IMG47SR2K4BOFFG7FZ/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FINGBFMIXBG6B6ZWYH3TMRP5V3PDBNXR/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UVM7FCOQMPKOFLDTUYSS4ES76DDM56VP/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WUQ3MQNEL5IBZZLMLR72Q4YDCL2SCKRK/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201701-34"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Docker project for reporting this issue. Upstream acknowledges Aleksa Sarai (SUSE) and T\u00f5nis Tiigi (Docker) as the original reporters.", "affected_release": [{"advisory": "RHSA-2017:0116", "cpe": "cpe:/a:redhat:rhel_extras_other:7", "package": "docker-2:1.12.5-14.el7", "product_name": "Red Hat Enterprise Linux 7 Extras", "release_date": "2017-01-17T00:00:00Z"}, {"advisory": "RHSA-2017:0123", "cpe": "cpe:/a:redhat:rhel_extras_other:7", "package": "docker-latest-0:1.12.5-14.el7", "product_name": "Red Hat Enterprise Linux 7 Extras", "release_date": "2017-01-17T00:00:00Z"}, {"advisory": "RHSA-2017:0127", "cpe": "cpe:/a:redhat:rhel_extras_other:7", "package": "runc-0:1.0.0-1.rc2.el7", "product_name": "Red Hat Enterprise Linux 7 Extras", "release_date": "2017-01-17T00:00:00Z"}], "bugzilla": {"description": "docker: insecure opening of file-descriptor allows privilege escalation", "id": "1409531", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1409531"}, "csaw": true, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "status": "verified"}, "details": ["RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container.  This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container.", "The runc component used by `docker exec` feature of docker allowed additional container processes to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain low-level access to these new processes during initialization. An attacker can, depending on the nature of the incoming process, leverage this to elevate access to the host. This ranges from accessing host content through the file descriptors of the incoming process to, potentially, a complete container escape by leveraging memory access or syscall interception."], "mitigation": {"lang": "en:us", "value": "On Red Hat systems with SELinux enabled, the dangers of even privileged containers are mitigated. SELinux prevents container processes from accessing host content even if those container processes manage to gain access to the actual file descriptors."}, "name": "CVE-2016-9962", "public_date": "2017-01-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-9962\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9962\nhttps://access.redhat.com/security/vulnerabilities/cve-2016-9962"], "threat_severity": "Important"}