Government of the Republic of Trinidad and Tobago                                                                                                                                        


News

TTCSIRT-201.022119: TT-CSIRT Advisory – Cisco Security Updates

20th February 2019

Cisco has released a security update stating that it has discovered a vulnerability in the Open Container Initiative runc CLI tool used by multiple products which could allow an unauthenticated, remote attacker to escalate privileges on a targeted system.

This issue exists because the affected software improperly handles file descriptors related to /proc/self/exe.

An attacker could exploit the vulnerability either by persuading a user to create a new container using an attacker-controlled image or by using the docker exec command to attach into an existing container that the attacker already has write access to.

Further information on this vulnerability and how it can be mitigated can be found the Cisco Website at https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc