Main Vulnerability Database Vulnerabilities #VU45677

#VU45677 Improper Privilege Management in firejail - CVE-2017-5940

Published: August 13, 2020

Vulnerability identifier: #VU45677

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-5940

CWE-ID: CWE-269

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
firejail

Software vendor:
firejail.wordpress.com

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to firejail does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option.

Remediation

Install updates from vendor's website.

External links

http://www.openwall.com/lists/oss-security/2017/01/31/16
http://www.securityfocus.com/bid/96221
https://firejail.wordpress.com/download-2/release-notes/
https://github.com/netblue30/firejail/commit/38d418505e9ee2d326557e5639e8da49c298858f
https://github.com/netblue30/firejail/commit/903fd8a0789ca3cc3c21d84cd0282481515592ef
https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863
https://security.gentoo.org/glsa/201702-03

#VU45677 Improper Privilege Management in firejail - CVE-2017-5940

Description

Remediation

External links

Please verify you're human