PT-2017-16401 · Unknown+1 · Bubblewrap+1

Hanno Böck

Published

2017-01-29

Updated

2024-06-15

CVE-2017-5226

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions bubblewrap (affected versions not specified)

Description The issue allows a nonpriv session to escape the bubblewrap sandbox by utilizing the TIOCSTI ioctl to push characters into the terminal's input buffer. This enables an attacker to bypass the sandbox restrictions.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2017-1099

ALT-PU-2017-2110

CVE-2017-5226

OPENSUSE-SU-2024:10663-1

OPENSUSE-SU-2024:10762-1

OPENSUSE-SU-2024:12835-1

Affected Products

Alt Linux

Bubblewrap

PT-2017-16401 · Unknown+1 · Bubblewrap+1

CVE-2017-5226

Weakness Enumeration

Related Identifiers

Affected Products

References · 26