CVE-2017-5206
Published 2017-03-23
Priority: P347 · critical · 9 (CVSS 3.0)
Vector: AV:N / AC:H / PR:N / UI:N / S:C / C:H / I:H / A:H
EPSS: 1.94% (77.6th percentile)
Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers to bypass a seccomp-based sandbox protection mechanism via the --allow-debuggers argument.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firejail | < firejail 0.9.44.4-1 (bookworm) | firejail 0.9.44.4-1 (bookworm) |
| firejail_project | firejail | < 0.9.44.4 | 0.9.44.4 |
| firejail_project | firejail | >= 0 < 0.9.44.4-1 | 0.9.44.4-1 |
| firejail_project | firejail | >= 0 < 0.9.44.4-1 | 0.9.44.4-1 |
| firejail_project | firejail | >= 0 < 0.9.44.4-1 | 0.9.44.4-1 |
| firejail_project | firejail | >= 0 < 0.9.44.4-1 | 0.9.44.4-1 |
CVSS provenance
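| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.0 | CRITICAL | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | | 9.0 | CRITICAL | |
| vendor_debian | | 9.0 | CRITICAL | |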
Debian
CVE-2017-5206: firejail - Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows cont...
vendor_debian·2017·CVSS 9.0
Scope: local
bookworm: resolved (fixed in 0.9.44.4-1)
bullseye: resolved (fixed in 0.9.44.4-1)
forky: resolved (fixed in 0.9.44.4-1)
sid: resolved (fixed in 0.9.44.4-1)
trixie: resolved (fixed in 0.9.44.4-1)
GHSA
GHSA-cj78-6w9j-286h: Firejail before 0
ghsa_unreviewed·2022-05-13
OSV
CVE-2017-5206: Firejail before 0
osv·2017-03-23·CVSS 9.0
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.openwall.com/lists/oss-security/2017/01/07/5
http://www.securityfocus.com/bid/97120
https://blog.lizzie.io/linux-containers-in-500-loc.html#fn.51
https://firejail.wordpress.com/download-2/release-notes/
https://github.com/netblue30/firejail/commit/6b8dba29d73257311564ee7f27b9b14758cc693e
https://security.gentoo.org/glsa/201701-62
Published: 2017-03-23