CVE-2017-5180

EUVD-2017-14289
Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Affected Products (NVD)
VendorProductVersion
firejail_projectfirejail
𝑥
< 0.9.44.4
firejail_projectfirejail
0.9.38 ≤
𝑥
< 0.9.38.8
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
firejail
bookworm
0.9.72-2
fixed
bullseye
0.9.64.4-2+deb11u1
fixed
bullseye (security)
0.9.64.4-2+deb11u1
fixed
sid
0.9.72-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firejail
precise
dne
trusty
dne
xenial
Fixed 0.9.38-1ubuntu0.1
released
yakkety
ignored
zesty
not-affected
Common Weakness Enumeration
References
http://openwall.com/lists/oss-security/2017/01/04/2
http://www.securityfocus.com/bid/95298
https://firejail.wordpress.com/download-2/release-notes/
https://security.gentoo.org/glsa/201701-62
http://openwall.com/lists/oss-security/2017/01/04/2
http://www.securityfocus.com/bid/95298
https://firejail.wordpress.com/download-2/release-notes/
https://security.gentoo.org/glsa/201701-62