Usage

Edit HOST inside payload.c, compile with make. Start nc and run pwn.sh inside the container.

Notes

This exploit is destructive: it'll overwrite /usr/bin/docker-runc binary on the host with the payload. It'll also overwrite /bin/sh inside the container.
Tested only on Debian 9.
No attempts were made to make it stable or reliable, it's only tested to work when a docker exec <id> /bin/sh is issued on the host.

The original commit I used to write the exploit is here.

The researchers who actually found the vulnerability have published a writeup here.

I've added the original exploit CVE_2019_5736_tar_xz which works differently than mine. Thanks to cyphar for pointing me to it.

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
CVE-2019-5736		CVE-2019-5736
CVE_2019_5736.tar.gz		CVE_2019_5736.tar.gz
CVE_2019_5736_tar_xz		CVE_2019_5736_tar_xz
Makefile		Makefile
README.md		README.md
exploit		exploit
exploit.c		exploit.c
payload		payload
payload.c		payload.c
push.sh		push.sh
pwn.sh		pwn.sh

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2019-5736

CVE-2019-5736

CVE_2019_5736.tar.gz

CVE_2019_5736.tar.gz

CVE_2019_5736_tar_xz

CVE_2019_5736_tar_xz

Makefile

Makefile

README.md

README.md

exploit

exploit

exploit.c

exploit.c

payload

payload

payload.c

payload.c

push.sh

push.sh

pwn.sh

pwn.sh

Repository files navigation

Usage

Notes

About

Releases

Packages

Languages

shsjshentao/CVE-2019-5736

Folders and files

Latest commit

History

Repository files navigation

Usage

Notes

About

Resources

Stars

Watchers

Forks

Languages