CVE-2017-5180

Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option.
Severity: HIGH
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Atk. Vector: LOCAL
Atk. Complexity: LOW
Priv. Required: LOW
Base Score
CVSS 3.x
EPSS Score (percentile): 29%
Vendor | Product | Version
firejail_project | firejail | 𝑥 < 0.9.44.4
firejail_project | firejail | 0.9.38 ≤ 𝑥 < 0.9.38.8
𝑥 = Vulnerable software versions
Debian Releases
Product | Codename | Version | Status
firejail | bullseye (security) | 0.9.64.4-2+deb11u1 | fixed
firejail | bullseye | 0.9.64.4-2+deb11u1 | fixed
firejail | bookworm | 0.9.72-2 | fixed
firejail | sid | 0.9.72-2 | fixed
Ubuntu Releases
Product | Codename | Version | Status
firejail | zesty | | not-affected
firejail | yakkety | | ignored
firejail | xenial | Fixed 0.9.38-1ubuntu0.1 | released
firejail | trusty | | dne
firejail | precise | | dne