runc container escape vulnerability alert
CVE-2019-5736
CVE_2019_5736.tar.gz
CVE_2019_5736_tar_xz
Makefile
README.md
exploit
exploit.c
payload
payload.c
push.sh
pwn.sh

README.md

Usage

Edit HOST inside payload.c, compile with make. Start nc and run pwn.sh inside the container.

Notes

  • This exploit is destructive: it'll overwrite the /usr/bin/docker-runc binary on the host with the payload. It'll also overwrite /bin/sh inside the container.
  • Tested only on Debian 9.
  • No attempts were made to make it stable or reliable; it's only tested to work when a docker exec <id> /bin/sh is issued on the host.

The original commit I used to write the exploit is here.

The researchers who actually found the vulnerability have published a writeup here.

I've added the original exploit, CVE_2019_5736_tar_xz, which works differently from mine. Thanks to cyphar for pointing me to it.
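
The Notes state that the host's /usr/bin/docker-runc binary gets overwritten, so comparing that file against a recorded hash baseline gives a simple detection check. The script below is an added example, not part of this repository; the baseline location and the RUNC_PATH and BASELINE variable names are assumptions.

```shell
#!/bin/sh
# Added example (not part of this repository): integrity check for the host
# container runtime binary.
# Assumptions: RUNC_PATH defaults to the path named in the Notes; BASELINE is a
# hypothetical location that should live on storage the runtime cannot write to.
RUNC_PATH="${RUNC_PATH:-/usr/bin/docker-runc}"
BASELINE="${BASELINE:-/var/lib/runc-integrity/baseline.sha256}"

# Print the SHA-256 of a readable file; fail if it cannot be read.
file_sha256() {
    [ -r "$1" ] || return 1
    sha256sum "$1" | awk '{print $1}'
}

# record_baseline <binary> <baseline-file>
# Run once against a known-good binary (for example, right after a package install).
record_baseline() {
    rb_hash=$(file_sha256 "$1") || return 2
    printf '%s  %s\n' "$rb_hash" "$1" > "$2"
}

# verify_baseline <binary> <baseline-file>
# Returns 0 if the hash matches, 1 if it differs, 2 if either file is missing or empty.
verify_baseline() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    vb_expected=$(awk 'NR==1 {print $1}' "$2")
    [ -n "$vb_expected" ] || return 2
    vb_actual=$(file_sha256 "$1") || return 2
    [ "$vb_expected" = "$vb_actual" ]
}

# Command-line entry point: "record" or "verify"; does nothing without arguments.
case "${1:-}" in
    record)
        record_baseline "$RUNC_PATH" "$BASELINE" ;;
    verify)
        if verify_baseline "$RUNC_PATH" "$BASELINE"; then
            echo "OK: $RUNC_PATH matches baseline"
        else
            echo "ALERT: $RUNC_PATH differs from baseline or cannot be checked" >&2
            exit 1
        fi ;;
esac
```

Run it with `record` on a known-good host, then with `verify` from a scheduled job; a non-zero exit means the binary changed or could not be read.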
