PT-2017-16367 · Firejail+1 · Firejail+1
Sebastian Krahmer
·
Publicado
2017-01-08
·
Atualizado
2024-06-15
·
CVE-2017-5180
CVSS v3.1
8.8
Alta
| Vetor | AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Firejail versions prior to 0.9.44.4
Firejail versions 0.9.38.x prior to 0.9.38.8 LTS
Description
The issue allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option, due to the software not considering the .Xauthority case during its attempt to prevent accessing user files with an euid of zero.
Recommendations
For Firejail versions prior to 0.9.44.4, update to version 0.9.44.4 or later.
For Firejail versions 0.9.38.x prior to 0.9.38.8 LTS, update to version 0.9.38.8 LTS or later.
Exploit
Correção
Missing Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Firejail