CVE-2017-5180

Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
VendorProductVersion
firejail_projectfirejail
𝑥
< 0.9.44.4
firejail_projectfirejail
0.9.38 ≤
𝑥
< 0.9.38.8
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
firejail
bullseye (security)
0.9.64.4-2+deb11u1
fixed
bullseye
0.9.64.4-2+deb11u1
fixed
bookworm
0.9.72-2
fixed
sid
0.9.72-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firejail
zesty
not-affected
yakkety
ignored
xenial
Fixed 0.9.38-1ubuntu0.1
released
trusty
dne
precise
dne
Common Weakness Enumeration
References
http://openwall.com/lists/oss-security/2017/01/04/2
http://www.securityfocus.com/bid/95298
https://firejail.wordpress.com/download-2/release-notes/
https://security.gentoo.org/glsa/201701-62
http://openwall.com/lists/oss-security/2017/01/04/2
http://www.securityfocus.com/bid/95298
https://firejail.wordpress.com/download-2/release-notes/
https://security.gentoo.org/glsa/201701-62