PT-2019-11188 · Apache · Apache Mesos

Gilbert Song

Publicado

2019-03-25

Atualizado

2022-05-13

CVE-2019-0204

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Apache Mesos versions prior to 1.4.x Apache Mesos versions 1.4.0 through 1.4.2 Apache Mesos versions 1.5.0 through 1.5.2 Apache Mesos versions 1.6.0 through 1.6.1 Apache Mesos versions 1.7.0 through 1.7.1

Description: A malicious actor can gain root-level code execution on the host by overwriting the init helper binary of the container runtime and/or the command executor in Apache Mesos using a specifically crafted Docker image running under the root user.

Recommendations: For versions prior to 1.4.x, update to a version newer than 1.4.x. For versions 1.4.0 through 1.4.2, update to a version newer than 1.4.2. For versions 1.5.0 through 1.5.2, update to a version newer than 1.5.2. For versions 1.6.0 through 1.6.1, update to a version newer than 1.6.1. For versions 1.7.0 through 1.7.1, update to a version newer than 1.7.1.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2019-0204

GHSA-32W9-2QPC-5F9V

Produtos afetados

Apache Mesos

PT-2019-11188 · Apache · Apache Mesos

CVE-2019-0204

Identificadores relacionados

Produtos afetados

Referências · 7