CVE-2017-5940
published 2017-02-09
Priority: P3 37 · high · 8.8 CVSS 3.0
AV:L / AC:L / PR:L / UI:N / S:C / C:H / I:H / A:H
EPSS: 0.36% (27.9th percentile)
Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-5180.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firejail | < firejail 0.9.44.6-1 (bookworm) | firejail 0.9.44.6-1 (bookworm) |
| firejail_project | firejail | >= 0 < 0.9.44.6-1 | 0.9.44.6-1 |
| firejail_project | firejail | >= 0 < 0.9.44.6-1 | 0.9.44.6-1 |
| firejail_project | firejail | >= 0 < 0.9.44.6-1 | 0.9.44.6-1 |
| firejail_project | firejail | >= 0 < 0.9.44.6-1 | 0.9.44.6-1 |
| firejail_project | firejail | 0.9.38 – 0.9.38.10 | — |
| firejail_project | firejail | 0.9.40 – 0.9.44.6 | — |
CVSS provenance
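| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| nvd | v2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 8.8 | HIGH | — |
| vendor_debian | — | 8.8 | HIGH | — |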
GHSA
GHSA-2mx9-jpq3-jxj6: Firejail before 0
ghsa_unreviewed·2022-05-13·CVSS 8.8
CVE-2017-5940 [HIGH] CWE-269 GHSA-2mx9-jpq3-jxj6: Firejail before 0
OSV
CVE-2017-5940: Firejail before 0
osv·2017-02-09·CVSS 8.8
CVE-2017-5940 [HIGH] CVE-2017-5940: Firejail before 0
Debian
CVE-2017-5940: firejail - Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehe...
vendor_debian·2017·CVSS 8.8
CVE-2017-5940 [HIGH] CVE-2017-5940: firejail - Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehe...
Scope: local
bookworm: resolved (fixed in 0.9.44.6-1)
bullseye: resolved (fixed in 0.9.44.6-1)
forky: resolved (fixed in 0.9.44.6-1)
sid: resolved (fixed in 0.9.44.6-1)
trixie: resolved (fixed in 0.9.44.6-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.openwall.com/lists/oss-security/2017/01/31/16
http://www.securityfocus.com/bid/96221
https://firejail.wordpress.com/download-2/release-notes/
https://github.com/netblue30/firejail/commit/38d418505e9ee2d326557e5639e8da49c298858f
https://github.com/netblue30/firejail/commit/903fd8a0789ca3cc3c21d84cd0282481515592ef
https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863
https://security.gentoo.org/glsa/201702-03
Published: 2017-02-09