Russian Vulnerability Scanner Database

Back to List

BDU:2023-03869

Scores

EPSS

0.000none0.0%
0%20%40%60%80%100%

Percentile: 0.0%

CVSS

7.8high3.x
0246810

CVSS Score: 7.8/10

All CVSS Scores

CVSS 3.x
7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0
6.8

Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C

Description

Уязвимость инструмента для запуска изолированных контейнеров Runc связана с неверным определением символических ссылок перед доступом к файлу. Эксплуатация уязвимости позволяет нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

bdu

Related Vulnerabilities

CVE-2023-28642

Reference Links

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28642
https://github.com/opencontainers/runc/pull/3785
https://github.com/opencontainers/runc/security/advisories/GHSA-g2j6-57v7-gm8c
https://nvd.nist.gov/vuln/detail/CVE-2023-28642
https://security-tracker.debian.org/tracker/CVE-2023-28642
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0630SE17MD
https://altsp.su/obnovleniya-bezopasnosti/
https://access.redhat.com/security/cve/CVE-2023-28642
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0907SE47
https://redos.red-soft.ru/support/secure/
https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2209

Recommendations

Source: bdu

Использование рекомендаций:
Для Runc:
https://github.com/opencontainers/runc/security/advisories/GHSA-g2j6-57v7-gm8c

Для Debian:
https://security-tracker.debian.org/tracker/CVE-2023-28642

Для ОС Astra Linux:
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0630SE17MD



Для ОС Альт 8 СП:
https://cve.basealt.ru/

Для продуктов Red Hat inc.:
https://access.redhat.com/security/cve/CVE-2023-28642



Для ОС Astra Linux Special Edition для архитектуры ARM 4.7:

использование рекомендаций производителя:
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0907SE47

Для РедОС:
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/

Для операционной системы РОСА ХРОМ: https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2209

URL: https://bdu.fstec.ru/vul/2023-03869

Vulnerable Software (30)

Type: Configuration

Vendor: docker inc.

Product: runc

Operating System: red hat enterprise linux 8

Trait: 
{  "version_end_excluding": "1.1.5"}

Source: bdu

Type: Configuration

Vendor: docker inc.

Product: runc

Operating System: astra 1.7

Trait: 
{  "version_end_excluding": "1.1.5"}

Source: bdu

Type: Configuration

Vendor: docker inc.

Product: runc

Operating System: altlinux 8

Trait: 
{  "version_end_excluding": "1.1.5"}

Source: bdu

Type: Configuration

Vendor: docker inc.

Product: runc

Operating System: red hat enterprise linux 9

Trait: 
{  "version_end_excluding": "1.1.5"}

Source: bdu

Type: Configuration

Vendor: docker inc.

Product: runc

Operating System: debian gnu/linux 10

Trait: 
{  "version_end_excluding": "1.1.5"}

Source: bdu

Type: Configuration

Vendor: docker inc.

Product: runc

Operating System: debian gnu/linux 11

Trait: 
{  "version_end_excluding": "1.1.5"}

Source: bdu

Type: Configuration

Vendor: docker inc.

Product: runc

Operating System: debian gnu/linux 12

Trait: 
{  "version_end_excluding": "1.1.5"}

Source: bdu

Type: Configuration

Vendor: docker inc.

Product: runc

Operating System: redos 7.3

Trait: 
{  "version_end_excluding": "1.1.5"}

Source: bdu

Type: Configuration

Vendor: docker inc.

Product: runc

Operating System: astra 4.7

Trait: 
{  "version_end_excluding": "1.1.5"}

Source: bdu

Type: Configuration

Vendor: docker inc.

Product: runc

Operating System: роса хром 12.4

Trait: 
{  "version_end_excluding": "1.1.5"}

Source: bdu