CVE-2017-5180

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-5180

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-5180.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-5180

Related

Published

2017-02-09T18:59:00Z

Modified

2024-09-18T01:00:19Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option.

References

Affected packages

Debian:11 / firejail

Package

Name: firejail
Purl: pkg:deb/debian/firejail?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.44.2-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / firejail

Package

Name: firejail
Purl: pkg:deb/debian/firejail?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.44.2-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/netblue30/firejail

Affected ranges

Type: GIT
Repo: https://github.com/netblue30/firejail
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e0422ca2be6482f375400562b68e9d72d739964b