CVE-2017-5180
Published 2017-02-09
CVE-2017-5180: Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an…
Priority P341 · high · 8.8 · CVSS 3.0
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EXPLOIT
EPSS: 0.74% (50.0th percentile)
Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firejail | < firejail 0.9.44.2-3 (bookworm) | firejail 0.9.44.2-3 (bookworm) |
| debian | firejail | < firejail 0.9.44.6-1 (bookworm) | firejail 0.9.44.6-1 (bookworm) |
| firejail_project | firejail | < 0.9.44.4 | 0.9.44.4 |
| firejail_project | firejail | >= 0 < 0.9.44.6-1 | 0.9.44.6-1 |
| firejail_project | firejail | >= 0 < 0.9.44.2-3 | 0.9.44.2-3 |
| firejail_project | firejail | >= 0 < 0.9.44.6-1 | 0.9.44.6-1 |
| firejail_project | firejail | >= 0 < 0.9.44.2-3 | 0.9.44.2-3 |
| firejail_project | firejail | >= 0 < 0.9.44.6-1 | 0.9.44.6-1 |
| firejail_project | firejail | >= 0 < 0.9.44.2-3 | 0.9.44.2-3 |
| firejail_project | firejail | >= 0 < 0.9.44.6-1 | 0.9.44.6-1 |
| firejail_project | firejail | >= 0 < 0.9.44.2-3 | 0.9.44.2-3 |
| firejail_project | firejail | >= 0.9.38 < 0.9.38.8 | 0.9.38.8 |
| firejail_project | firejail | 0.9.38 – 0.9.38.10 | — |
| firejail_project | firejail | 0.9.40 – 0.9.44.6 | — |
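CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| nvd | v2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 8.8 | HIGH | — |
| vendor_debian | — | 8.8 | HIGH | — |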
GHSA
GHSA-j8r6-v8qr-pf69: Firejail before 0
ghsa_unreviewed·2022-05-13
CVE-2017-5180 [HIGH] CWE-862 GHSA-j8r6-v8qr-pf69: Firejail before 0
Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option.
GHSA
GHSA-2mx9-jpq3-jxj6: Firejail before 0
ghsa_unreviewed·2022-05-13·CVSS 8.8
CVE-2017-5940 [HIGH] CWE-269 GHSA-2mx9-jpq3-jxj6: Firejail before 0
Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-5180.
OSV
CVE-2017-5940: Firejail before 0
osv·2017-02-09·CVSS 8.8
CVE-2017-5940 [HIGH] CVE-2017-5940: Firejail before 0
Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-5180.
OSV
CVE-2017-5180: Firejail before 0
osv·2017-02-09·CVSS 8.8
CVE-2017-5180 [HIGH] CVE-2017-5180: Firejail before 0
Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option.
Debian
CVE-2017-5180: firejail - Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider ...
vendor_debian·2017·CVSS 8.8
CVE-2017-5180 [HIGH] CVE-2017-5180: firejail - Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider ...
Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option.
Scope: local
bookworm: resolved (fixed in 0.9.44.2-3)
bullseye: resolved (fixed in 0.9.44.2-3)
forky: resolved (fixed in 0.9.44.2-3)
sid: resolved (fixed in 0.9.44.2-3)
trixie: resolved (fixed in 0.9.44.2-3)
Debian
CVE-2017-5940: firejail - Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehe...
vendor_debian·2017·CVSS 8.8
CVE-2017-5940 [HIGH] CVE-2017-5940: firejail - Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehe...
Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-5180.
Scope: local
bookworm: resolved (fixed in 0.9.44.6-1)
bullseye: resolved (fixed in 0.9.44.6-1)
forky: resolved (fixed in 0.9.44.6-1)
sid: resolved (fixed in 0.9.44.6-1)
trixie: resolved (fixed in 0.9.44.6-1)
No detection rules found.
http://openwall.com/lists/oss-security/2017/01/04/2
http://www.securityfocus.com/bid/95298
https://firejail.wordpress.com/download-2/release-notes/
https://security.gentoo.org/glsa/201701-62
Published: 2017-02-09