Vendor: N/A
By: Exploit Database
CVSS: 7.2 (HIGH)
Privilege Escalation
CWE: 269
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Debian 9
2019

Docker RunC Exploit

This exploit is destructive and will overwrite the /usr/bin/docker-runc binary on the host with the payload. It will also overwrite the /bin/sh inside the container. It has been tested only on Debian 9 and no attempts were made to make it stable or reliable. It is only tested to work when a docker exec <id> /bin/sh is issued on the host.

Mitigation:

The best way to mitigate this vulnerability is to ensure that the latest version of Docker is installed and that all security patches are applied.

Exploit-DB raw data:

# Usage
Edit HOST inside `payload.c`, compile with `make`. Start `nc` and run `pwn.sh` inside the container.

# Notes
- This exploit is destructive: it'll overwrite the `/usr/bin/docker-runc` binary *on the host* with the payload. It'll also overwrite `/bin/sh` inside the container.
- Tested only on Debian 9.
- No attempts were made to make it stable or reliable; it's only tested to work when a `docker exec <id> /bin/sh` is issued on the host.

More complete explanation [here](https://github.com/lxc/lxc/commit/6400238d08cdf1ca20d49bafb85f4e224348bf9d).

Download: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/46359.zip