Vulnerabilities related to Apache - Apache Mesos
cve-2019-0204
Vulnerability from cvelistv5
Published: 2019-03-25 21:43
Modified: 2024-08-04 17:44
Summary
A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. A malicious actor can therefore gain root-level code execution on the host.
References
URL | Tags
---|---
https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E | mailing-list, x_refsource_MLIST
http://www.securityfocus.com/bid/107605 | vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2019:3892 | vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor | Product | Version
---|---|---
Apache | Apache Mesos | pre-1.4.x; 1.4.0 to 1.4.2; 1.5.0 to 1.5.2; 1.6.0 to 1.6.1; 1.7.0 to 1.7.1
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:44:14.728Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[mesos-dev] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E", }, { name: "107605", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/107605", }, { name: "RHSA-2019:3892", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Mesos", vendor: "Apache", versions: [ { status: "affected", version: "pre-1.4.x", }, { status: "affected", version: "1.4.0 to 1.4.2", }, { status: "affected", version: "1.5.0 to 1.5.2", }, { status: "affected", version: "1.6.0 to 1.6.1", }, { status: "affected", version: "1.7.0 to 1.7.1", }, ], }, ], datePublic: "2019-03-23T00:00:00", descriptions: [ { lang: "en", value: "A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. 
A malicious actor can therefore gain root-level code execution on the host.", }, ], problemTypes: [ { descriptions: [ { description: "Other", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-11-14T23:06:47", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { name: "[mesos-dev] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c%40%3Cdev.mesos.apache.org%3E", }, { name: "107605", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/107605", }, { name: "RHSA-2019:3892", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2019-0204", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Mesos", version: { version_data: [ { version_value: "pre-1.4.x", }, { version_value: "1.4.0 to 1.4.2", }, { version_value: "1.5.0 to 1.5.2", }, { version_value: "1.6.0 to 1.6.1", }, { version_value: "1.7.0 to 1.7.1", }, ], }, }, ], }, vendor_name: "Apache", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. 
A malicious actor can therefore gain root-level code execution on the host.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Other", }, ], }, ], }, references: { reference_data: [ { name: "[mesos-dev] 20190323 CVE-2019-0204: Some Mesos components can be overwritten making arbitrary code execution possible.", refsource: "MLIST", url: "https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c@%3Cdev.mesos.apache.org%3E", }, { name: "107605", refsource: "BID", url: "http://www.securityfocus.com/bid/107605", }, { name: "RHSA-2019:3892", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3892", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2019-0204", datePublished: "2019-03-25T21:43:04", dateReserved: "2018-11-14T00:00:00", dateUpdated: "2024-08-04T17:44:14.728Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }