#VU39817 Improper access control in firejail


Published: 2017-01-19 | Updated: 2020-08-08

Vulnerability identifier: #VU39817

Vulnerability risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-9016

CWE-ID: CWE-284

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
firejail
Other software / Other software solutions

Vendor: firejail.wordpress.com

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.

Mitigation
Install update from vendor's website.

Vulnerable software versions

firejail: 0.9.38.4

External links
http://www.openwall.com/lists/oss-security/2016/10/25/3
http://www.openwall.com/lists/oss-security/2016/10/25/9
http://www.securityfocus.com/bid/93899

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Improper access control in firejail.wordpress.com firejail