CVE-2017-5940

Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-5180.
Severity: HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Vendor            Product   Version
firejail_project  firejail  0.9.38 ≤ 𝑥 ≤ 0.9.38.10
firejail_project  firejail  0.9.40 ≤ 𝑥 ≤ 0.9.44.6
𝑥 = Vulnerable software versions
Debian Releases
Product   Codename             Version             Status
firejail  bullseye (security)  0.9.64.4-2+deb11u1  fixed
firejail  bullseye             0.9.64.4-2+deb11u1  fixed
firejail  sid                  0.9.72-2            fixed
firejail  bookworm             0.9.72-2            fixed
Ubuntu Releases
Product   Codename  Status
firejail  zesty     not-affected
firejail  yakkety   ignored
firejail  xenial    not-affected
firejail  trusty    dne
firejail  precise   dne