Improper Privilege Management in firejail - CVE-2017-5940

 

Improper Privilege Management in firejail - CVE-2017-5940

Published: August 13, 2020


Vulnerability identifier: #VU45677
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-5940
CWE-ID: CWE-269
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: firejail.wordpress.com
Affected software:
firejail

Detailed vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to firejail does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option.


How to mitigate CVE-2017-5940

Install updates from vendor's website.

Sources