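Vulnerability Details
runc Path Traversal Vulnerability
Vulnerability Summary
runc is a CLI (command-line interface) tool for spawning and running containers according to the OCI specification.
runc has a path traversal vulnerability that an attacker can exploit to bind-mount the host filesystem into a container.
Vulnerability Advisory
The vendor has released a patch that fixes the vulnerability. The patch is available at: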
https://github.com/opencontainers/runc/security/advisories/GHSA-c3xm-pvg7-gh7r
References
Source: MISC
Link: https://bugzilla.opensuse.org/show_bug.cgi?id=1185405
Source: MISC
Link: http://www.openwall.com/lists/oss-security/2021/05/19/2
Source: MISC
Link: https://github.com/opencontainers/runc/commit/0ca91f44f1664da834bc61115a849b56d22f595f
Source: CONFIRM
Link: https://security.netapp.com/advisory/ntap-20210708-0003/
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/35ZW6NBZSBH5PWIT7JU4HXOXGFVDCOHH/
Source: MISC
Link: https://github.com/opencontainers/runc/releases
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/4HOARVIT47RULTTFWAU7XBG4WY6TDDHV/
Source: CONFIRM
Link: https://github.com/opencontainers/runc/security/advisories/GHSA-c3xm-pvg7-gh7r
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021052015
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021053009
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/162861/Red-Hat-Security-Advisory-2021-2144-01.html
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1767
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.2118
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/163065/Red-Hat-Security-Advisory-2021-2150-01.html
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1823
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1792
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/163017/Red-Hat-Security-Advisory-2021-2291-01.html
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.3550
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021061016
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021092209
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021053116
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/163462/Gentoo-Linux-Security-Advisory-202107-26.html
Source: vigilance.fr
Link: https://vigilance.fr/vulnerability/runc-privilege-escalation-via-symlink-exchange-35486
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021052526
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021060944
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1855
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/162774/Red-Hat-Security-Advisory-2021-1566-01.html
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.2028
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021071001
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/162711/Ubuntu-Security-Notice-USN-4960-1.html
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/162758/Red-Hat-Security-Advisory-2021-1562-01.html
Source: access.redhat.com
Link: https://access.redhat.com/security/cve/cve-2021-30465
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.3385
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.2075
Affected Entities
None at this time
Patches
- Fix for the runc path traversal vulnerability (2021-5-19)