CVE-2016-3697

CWE-264 CWE-269 — Improper Privilege Management11 documents8 sources

Severity

7.8HIGH

EPSS

0.1%

top 82.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Opencontainers/runc Docker Docker Linuxfoundation Runc +1 more

Timeline

PublishedJun 1

Latest updateDec 20

Description

libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

▶Gogithub.com/opencontainers/runc< 0.1.0

▶Debianrunc< 0.1.0+dfsg-1+3

▶NVDdocker/docker1.11.1

▶NVDlinuxfoundation/runc0.0.9

▶NVDopensuse/opensuse13.2

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

Privilege Elevation in runc↗2021-12-20

▶

GHSA

Privilege Elevation in runc↗2021-12-20

▶

OSV

Privilege escalation in github.com/opencontainers/runc↗2021-04-14

▶

CVEList

CVE-2016-3697: libcontainer/user/user↗2016-06-01

▶

OSV

CVE-2016-3697: libcontainer/user/user↗2016-06-01

▶

📋Vendor Advisories

Microsoft

libcontainer/user/user.go in runC before 0.1.0 as used in Docker before 1.11.2 improperly treats a numeric UID as a potential username which allows local users to gain privileges via a numeric usernam↗2016-06-14

▶

Red Hat

docker: privilege escalation via confusion of usernames and UIDs↗2016-04-22

▶

Debian

CVE-2016-3697: docker.io - libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2,...↗2016

▶

💬Community

Bugzilla

CVE-2016-3697 docker: privilege escalation via confusion of usernames and UIDs [fedora-all]↗2016-04-22

▶

Bugzilla

CVE-2016-3697 docker: privilege escalation via confusion of usernames and UIDs↗2016-04-22

▶