jas502n/CVE-2019-5736: runc container escape vulnerability alert
2019-06-30 01:13:31 Author: github.com

Name                   Latest commit message   Commit time
CVE-2019-5736          update                  Feb 14, 2019
CVE_2019_5736.tar.gz   update                  Feb 14, 2019
CVE_2019_5736_tar_xz   update                  Feb 14, 2019
Makefile               update                  Feb 14, 2019
README.md              update                  Feb 14, 2019
exploit                update                  Feb 14, 2019
exploit.c              update                  Feb 14, 2019
payload                update                  Feb 14, 2019
payload.c              update                  Feb 14, 2019
push.sh                update                  Feb 14, 2019
pwn.sh                 update                  Feb 14, 2019

Edit HOST inside payload.c, compile with make. Start nc and run pwn.sh inside the container.

  • This exploit is destructive: it'll overwrite the /usr/bin/docker-runc binary on the host with the payload. It'll also overwrite /bin/sh inside the container.
  • Tested only on Debian 9.
  • No attempts were made to make it stable or reliable; it's only tested to work when a docker exec <id> /bin/sh is issued on the host.

The original commit I used to write the exploit is here.

The researchers who actually found the vulnerability have published a writeup here.

I've added the original exploit CVE_2019_5736_tar_xz which works differently than mine. Thanks to cyphar for pointing me to it.
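
Because the host-side effect described above is a replaced /usr/bin/docker-runc, a hash baseline of the runtime binary is a direct way to detect it. The following is an added example, not code from this repository; the function names and the manifest file are assumptions.

```shell
#!/bin/sh
# Added example (not from the repository): hash baseline for host runtime
# binaries such as /usr/bin/docker-runc. Function names and the manifest
# location are assumptions made for this example.

# runc_baseline MANIFEST FILE...  - record the SHA-256 of each FILE.
runc_baseline() {
    manifest=$1
    shift
    sha256sum -- "$@" > "$manifest"
}

# runc_verify MANIFEST - re-hash every recorded file. Prints one
# "CHANGED <path>" or "MISSING <path>" line per problem and returns 1
# if any file differs from the baseline, 0 if all match.
runc_verify() {
    status=0
    while read -r want path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $path"
            status=1
            continue
        fi
        have=$(sha256sum -- "$path" | cut -d' ' -f1)
        if [ "$have" != "$want" ]; then
            echo "CHANGED $path"
            status=1
        fi
    done < "$1"
    return "$status"
}

# Usage: script baseline MANIFEST FILE...   (on a known-good host)
#        script verify MANIFEST             (from cron or after an incident)
case "${1:-}" in
    baseline) shift; runc_baseline "$@" ;;
    verify)   runc_verify "$2" ;;
esac
```

Keep the manifest somewhere a process with root on the host cannot rewrite, such as a remote log or read-only media; otherwise the baseline can be replaced together with the binary.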


Source: https://github.com/jas502n/CVE-2019-5736