railcar CVE-2019-5736 runc: Execution of malicious containers allows for container escape and access to host filesystem

CVE-2019-5736 runc: Execution of malicious containers allows for container escape and access to host filesystem

Open bruceg opened this issue 6 years ago • 1 comments

Is railcar vulnerable to this exploit? I tried using the docker-based exploit, but it requires the use of the "railcar exec" command, which is not yet implemented. Does that mean it is not possible to exploit it with railcar?

ref: https://nvd.nist.gov/vuln/detail/CVE-2019-5736

Feb 21 '19 02:02 bruceg

that does it mean indeed... OTOH.. it's pity that Vish stopped working on that :'( toy

Mar 12 '19 09:03 delandtj

railcar railcar copied to clipboard

CVE-2019-5736 runc: Execution of malicious containers allows for container escape and access to host filesystem

railcar
railcar copied to clipboard