Firejail before 0.9.44.6, and 0.9.38.x LTS before 0.9.38.10 LTS, does not comprehensively handle dotfile cases when it tries to prevent user files from being accessed with an effective user ID (euid) of zero. This allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-5180.
[
{
"deprecated": false,
"source": "https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863",
"id": "CVE-2017-5940-03f3d8c6",
"signature_version": "v1",
"target": {
"function": "store_xauthority",
"file": "src/firejail/fs_home.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "63759268999330041835454085732144367715",
"length": 887.0
}
},
{
"deprecated": false,
"source": "https://github.com/netblue30/firejail/commit/903fd8a0789ca3cc3c21d84cd0282481515592ef",
"id": "CVE-2017-5940-0f169f83",
"signature_version": "v1",
"target": {
"file": "src/firejail/util.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"200348894722452025565699631862882460793",
"23115583235002702589020013510782768693",
"282941080128231754027002287020561738274"
]
}
},
{
"deprecated": false,
"source": "https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863",
"id": "CVE-2017-5940-208dc32d",
"signature_version": "v1",
"target": {
"file": "src/firejail/firejail.h"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"36415115985910394298954698405508004082",
"339022242118558768890163066648080594300",
"74707124400456764585605612984234592890",
"324891731069053004206547116287640384472"
]
}
},
{
"deprecated": false,
"source": "https://github.com/netblue30/firejail/commit/903fd8a0789ca3cc3c21d84cd0282481515592ef",
"id": "CVE-2017-5940-2de1407a",
"signature_version": "v1",
"target": {
"file": "src/firejail/fs_home.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"256829374061654604936404914194516467429",
"27180702170325965788981262354742715399",
"166627008620292703616873100701282827698",
"200406466658996020928987909305954452694",
"148820331962680648503365325898971644945",
"4029491266623663117535413868193675444",
"333031275340393584340557988578893224457",
"176995247828354746875998987483628486045",
"31952681623754956022483776097748957910",
"323878215090886059023068353878873227011",
"178741523962824097345563217913352144530",
"131614749347161213139733463760012226684",
"148751409865436238677899064453889983415",
"281672409925639033598922585442639986030",
"220170956162515456776015471768641574257",
"51027542676934810478838622752204215948",
"262994147284829028594631749541890382999",
"84259735535512227009082384007448378086",
"305719926913748495676862295565960843860",
"334798839820807472756548697838983302513",
"223230875853466421300010678891066438501",
"257969067192441031428301530562256267295",
"150191657371462301629391412487170706804",
"90086587402057198567593806609588639162",
"56760244704083798916977370830605217317",
"180652399020172794002653262847836332602",
"256829374061654604936404914194516467429",
"109943640804087957179309410314234925812",
"40559014834332546631252239791292294464",
"296833318027047322824745973391557807420",
"62007142106617934897912308154037318606",
"100308140552048954431860744112146246732",
"287595706611385419066218906611656018542",
"301486772289948713037064335731263777962",
"278586138968795172555708970315859266225",
"319398299067406165297516578844027295686",
"329393456058833551229786919864785264681",
"330789020207704759132576372616762363780",
"241229430966673263807189497803233801850",
"281672409925639033598922585442639986030",
"220170956162515456776015471768641574257",
"51027542676934810478838622752204215948",
"262994147284829028594631749541890382999",
"84259735535512227009082384007448378086",
"305719926913748495676862295565960843860",
"334798839820807472756548697838983302513",
"223230875853466421300010678891066438501",
"257969067192441031428301530562256267295",
"150191657371462301629391412487170706804",
"90086587402057198567593806609588639162",
"56760244704083798916977370830605217317",
"180652399020172794002653262847836332602",
"220799260142683486300779933379000365800",
"256829374061654604936404914194516467429",
"131337329056778556775074277787950175799",
"208097509351314860162520732488685644969",
"72457858900583992271998911981459069926",
"142323346798858820595635193636464389499",
"336251365218281686106078866877506257579",
"6311868583034905124815741175809563466",
"253645690953557772575270684906320452354",
"155474370262380561409800733312361565054",
"32544279900027999804916444538212694232",
"112511743476488820035359387795977184089",
"287189317640742038733105388424809812131",
"337458438883477067860493377943148360109",
"180652399020172794002653262847836332602",
"320214796250986538674416233467325246513",
"147458053663270288431428880432070118466",
"97389440799207017453520207701117314748",
"183454293492362099397583917239044677133",
"286492067586708042598471908869658607445",
"153978549520786988149258823111789819881",
"70388574052295462130295877795926794009",
"208208040149755054712152106300322823506",
"89468597740636326263007723102185367601",
"305834204090989643411369363678840337305",
"29108687033895494393954106725064039799",
"178198084822820472614219921693370889248",
"39540525102529949430021615727495131348",
"308410031634083302995297241076661763424",
"10633049031923031452624354852868107135",
"274014056493345939647458654118134718159",
"272325583135129565114974536905288622661",
"251794837086417196623047498187948438600",
"236954693681530703195469507459090079456",
"174871716294501406840462129363217665622",
"108973889285281274079906730030369256975",
"825238737925113998805707867055072638",
"283494702502948481266628951722807675617",
"289146762422549900972759469033310552042",
"219940957790040336043292387090934320643",
"314449520989206131583410450667115406112",
"180802190412841655630677000028977197097",
"157914239557059387419953382110406353446",
"8897134024681983692284228434042366149",
"199975062347420515648431670254777297537",
"148250220692353512728239789092143349404",
"295754681346825820772667050101044340810",
"217390479379839497694220532896641574139",
"64905717489179018885214120723214795151",
"284328955687580216786959706016764179894",
"108231498073783656392610031210222162700",
"51736169236277716730521930315081594194",
"110121030450614498189050845205493898440",
"36665405487675332913544516346696526604",
"29025129535323454891764587694976352867",
"9876808118407145289238391111415939807",
"34933674909177756793683440945932518919",
"4218500856811330766304275913166169400",
"171788321599558217380121755684452810479",
"232208296104579151266580716537362708667",
"29108687033895494393954106725064039799",
"300895533487912330428193109609207376899",
"286585385588967605904462664635694263422",
"75723772249867032682510431278463163695",
"316679675276635398460260801137191928074",
"274014056493345939647458654118134718159",
"272325583135129565114974536905288622661",
"251794837086417196623047498187948438600",
"236954693681530703195469507459090079456",
"174871716294501406840462129363217665622",
"108973889285281274079906730030369256975",
"227910044636294658537340435979774231067",
"91024637173037616178986800970334637902",
"260551449232495020210298503053856014017",
"94957752366140013305259685573495966094",
"314449520989206131583410450667115406112",
"180802190412841655630677000028977197097",
"157914239557059387419953382110406353446",
"8897134024681983692284228434042366149",
"199975062347420515648431670254777297537",
"194815143776730275280142625500215501243",
"27240707337406092989940507656706198039",
"54243017476403968243070367035792402751",
"47349482650230990445455951961349449196",
"284328955687580216786959706016764179894",
"327801842488145756173027795039114419297",
"236154739343127622778586745344695360627",
"261992910301470831215653855275101492991",
"190281838377293410852468471625568328884",
"300422783927930615705922731741746266654",
"274014056493345939647458654118134718159",
"272325583135129565114974536905288622661",
"251794837086417196623047498187948438600",
"236954693681530703195469507459090079456",
"174871716294501406840462129363217665622",
"108973889285281274079906730030369256975",
"825238737925113998805707867055072638",
"283494702502948481266628951722807675617",
"289146762422549900972759469033310552042",
"219940957790040336043292387090934320643",
"314449520989206131583410450667115406112",
"180802190412841655630677000028977197097",
"157914239557059387419953382110406353446",
"7826540777617993708130159063675381842",
"10506086965465761207189953506475903011",
"23121514355491425597039363573806759602",
"255275333764343699987501183143931437590",
"285712263946374197050263414569087043662",
"204501092099411757342366068443907487387",
"298588143750672399921715765271575148089",
"96288361213064013983164883008717166423",
"220871423211604076277374545617329939197",
"261992910301470831215653855275101492991",
"190281838377293410852468471625568328884",
"300422783927930615705922731741746266654",
"274014056493345939647458654118134718159",
"272325583135129565114974536905288622661",
"251794837086417196623047498187948438600",
"236954693681530703195469507459090079456",
"174871716294501406840462129363217665622",
"108973889285281274079906730030369256975",
"227910044636294658537340435979774231067",
"91024637173037616178986800970334637902",
"260551449232495020210298503053856014017",
"94957752366140013305259685573495966094",
"314449520989206131583410450667115406112",
"180802190412841655630677000028977197097",
"157914239557059387419953382110406353446",
"7826540777617993708130159063675381842",
"10506086965465761207189953506475903011",
"23121514355491425597039363573806759602",
"255275333764343699987501183143931437590",
"285712263946374197050263414569087043662",
"204501092099411757342366068443907487387",
"142886488472217292679505672014507489563"
]
}
},
{
"deprecated": false,
"source": "https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863",
"id": "CVE-2017-5940-3bdc7e20",
"signature_version": "v1",
"target": {
"function": "store_asoundrc",
"file": "src/firejail/fs_home.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "8394698320340542306292269739688283648",
"length": 1160.0
}
},
{
"deprecated": false,
"source": "https://github.com/netblue30/firejail/commit/38d418505e9ee2d326557e5639e8da49c298858f",
"id": "CVE-2017-5940-3faaffb4",
"signature_version": "v1",
"target": {
"file": "src/firejail/fs_home.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"256829374061654604936404914194516467429",
"27180702170325965788981262354742715399",
"329778996719374032346405673549820246647",
"289286079980491154770473207448099693063",
"69211838325664348591519854001802184754",
"191081163736090980166894813827758611621",
"256829374061654604936404914194516467429",
"109943640804087957179309410314234925812",
"175507905926140885514343139963398606181",
"235351487966747044522962546011560315709",
"181092669767029148921292023298401253081",
"321278102443320721455243946732749688096",
"256829374061654604936404914194516467429",
"131337329056778556775074277787950175799",
"291231608043847311797763509548455074573",
"249778235135981188387854415573668225415",
"84116906654402360663410109500984255008",
"300739862280858398802493809420621586420",
"320214796250986538674416233467325246513",
"147458053663270288431428880432070118466",
"97389440799207017453520207701117314748",
"108231498073783656392610031210222162700",
"51736169236277716730521930315081594194",
"110121030450614498189050845205493898440"
]
}
},
{
"deprecated": false,
"source": "https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863",
"id": "CVE-2017-5940-43750e9b",
"signature_version": "v1",
"target": {
"function": "skel",
"file": "src/firejail/fs_home.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "85687127945534411201368470010453532626",
"length": 1688.0
}
},
{
"deprecated": false,
"source": "https://github.com/netblue30/firejail/commit/903fd8a0789ca3cc3c21d84cd0282481515592ef",
"id": "CVE-2017-5940-5b081a0b",
"signature_version": "v1",
"target": {
"file": "src/firejail/firejail.h"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"249130190482200412247788402530700775334",
"186601727546623225759675813486056516721",
"121597797141208945718605085594005287889",
"11933615387033352292954776480092115128"
]
}
},
{
"deprecated": false,
"source": "https://github.com/netblue30/firejail/commit/903fd8a0789ca3cc3c21d84cd0282481515592ef",
"id": "CVE-2017-5940-5f5a8069",
"signature_version": "v1",
"target": {
"function": "copy_asoundrc",
"file": "src/firejail/fs_home.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "136406472931425714219193111203877051647",
"length": 777.0
}
},
{
"deprecated": false,
"source": "https://github.com/netblue30/firejail/commit/903fd8a0789ca3cc3c21d84cd0282481515592ef",
"id": "CVE-2017-5940-805d5a54",
"signature_version": "v1",
"target": {
"function": "store_asoundrc",
"file": "src/firejail/fs_home.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "99974292938072042916980494955625717388",
"length": 993.0
}
},
{
"deprecated": false,
"source": "https://github.com/netblue30/firejail/commit/903fd8a0789ca3cc3c21d84cd0282481515592ef",
"id": "CVE-2017-5940-8ee8b2cf",
"signature_version": "v1",
"target": {
"function": "copy_xauthority",
"file": "src/firejail/fs_home.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "250440044774892348803337602214698976490",
"length": 783.0
}
},
{
"deprecated": false,
"source": "https://github.com/netblue30/firejail/commit/38d418505e9ee2d326557e5639e8da49c298858f",
"id": "CVE-2017-5940-92048268",
"signature_version": "v1",
"target": {
"function": "skel",
"file": "src/firejail/fs_home.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "59374513303441014447071846280340364813",
"length": 1422.0
}
},
{
"deprecated": false,
"source": "https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863",
"id": "CVE-2017-5940-9244f902",
"signature_version": "v1",
"target": {
"file": "src/firejail/util.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"172454027806618555836987812650502487986",
"339723740635972621271675803487927320220",
"286807084036784634258736771625820965434",
"180119259454095415713502053372626763647",
"200348894722452025565699631862882460793",
"23115583235002702589020013510782768693",
"282941080128231754027002287020561738274"
]
}
},
{
"deprecated": false,
"source": "https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863",
"id": "CVE-2017-5940-b52fab16",
"signature_version": "v1",
"target": {
"function": "copy_asoundrc",
"file": "src/firejail/fs_home.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "137434069000427222976051654430457763971",
"length": 675.0
}
},
{
"deprecated": false,
"source": "https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863",
"id": "CVE-2017-5940-b59afb8b",
"signature_version": "v1",
"target": {
"file": "src/firejail/fs_home.c"
},
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"133736946705761311462941945552276840090",
"337144918590721056049676774131274471691",
"88629814020185162577856376745897127138",
"249014774019430060413723362239627911890",
"148751409865436238677899064453889983415",
"281672409925639033598922585442639986030",
"220170956162515456776015471768641574257",
"51027542676934810478838622752204215948",
"178239192405530872828032119812514806495",
"276529764847511609979531363883074994197",
"327370159638155573448654552856134986636",
"116732861275396988399416322175794966983",
"302843583754002795616278794758653294615",
"56760244704083798916977370830605217317",
"180652399020172794002653262847836332602",
"252026565832871995719428255941733560667",
"311593066148438244293458228062019668820",
"121808685259824752243381179096908481860",
"130403343738449058191399927441815089810",
"241229430966673263807189497803233801850",
"281672409925639033598922585442639986030",
"220170956162515456776015471768641574257",
"51027542676934810478838622752204215948",
"178239192405530872828032119812514806495",
"276529764847511609979531363883074994197",
"327370159638155573448654552856134986636",
"116732861275396988399416322175794966983",
"302843583754002795616278794758653294615",
"56760244704083798916977370830605217317",
"180652399020172794002653262847836332602",
"272289094254913209441164243865118867317",
"103778924842878807918427399236669311991",
"245411956782178490232042549692386127136",
"61693165948118417914716220925158576148",
"337458438883477067860493377943148360109",
"180652399020172794002653262847836332602",
"156521159601465372969048206977419041768",
"5761017000373582748168399521929412725",
"272325583135129565114974536905288622661",
"251794837086417196623047498187948438600",
"236954693681530703195469507459090079456",
"293269710774393618094856229529583304032",
"50513883307478599292053409050263548616",
"55914325855199989696424017868124393124",
"138203217898696378825532199063837185401",
"289146762422549900972759469033310552042",
"219940957790040336043292387090934320643",
"314449520989206131583410450667115406112",
"180802190412841655630677000028977197097",
"157914239557059387419953382110406353446",
"295407663426878719860498095636689965998",
"191223652047990209514638225197975490601",
"33874297859080568072139062661119008523",
"284495753429187570908174552684169088071",
"25442997546745271963158013826871196764",
"272325583135129565114974536905288622661",
"251794837086417196623047498187948438600",
"236954693681530703195469507459090079456",
"303809841074764854088469954912475570197",
"260115948945124056919495028549178553608",
"113584623026267138288928999812642343609",
"297374941882252939269475699194008916043",
"260551449232495020210298503053856014017",
"94957752366140013305259685573495966094",
"314449520989206131583410450667115406112",
"180802190412841655630677000028977197097",
"157914239557059387419953382110406353446",
"295407663426878719860498095636689965998",
"191223652047990209514638225197975490601",
"33874297859080568072139062661119008523",
"300422783927930615705922731741746266654",
"274014056493345939647458654118134718159",
"272325583135129565114974536905288622661",
"251794837086417196623047498187948438600",
"236954693681530703195469507459090079456",
"326847830041466915533979850703989902297",
"18439367514807552064218444399963989580",
"149431985285681910463823370406286733033",
"253923345347943831495982283518582722008",
"289146762422549900972759469033310552042",
"219940957790040336043292387090934320643",
"314449520989206131583410450667115406112",
"180802190412841655630677000028977197097",
"157914239557059387419953382110406353446",
"34236910581812515199399573825251297335",
"257811682606090650557736684268811488513",
"122525651887712605728690663805235499012",
"300422783927930615705922731741746266654",
"274014056493345939647458654118134718159",
"272325583135129565114974536905288622661",
"251794837086417196623047498187948438600",
"236954693681530703195469507459090079456",
"326847830041466915533979850703989902297",
"18439367514807552064218444399963989580",
"189313714006234091313065344979726351809",
"73172605071725666416274343030089567221",
"260551449232495020210298503053856014017",
"94957752366140013305259685573495966094",
"314449520989206131583410450667115406112",
"180802190412841655630677000028977197097",
"157914239557059387419953382110406353446",
"34236910581812515199399573825251297335",
"257811682606090650557736684268811488513",
"169650061134500928515050486086598434089"
]
}
},
{
"deprecated": false,
"source": "https://github.com/netblue30/firejail/commit/903fd8a0789ca3cc3c21d84cd0282481515592ef",
"id": "CVE-2017-5940-d2eb93ba",
"signature_version": "v1",
"target": {
"function": "store_xauthority",
"file": "src/firejail/fs_home.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "137626129239180345015475860575403570024",
"length": 1001.0
}
},
{
"deprecated": false,
"source": "https://github.com/netblue30/firejail/commit/903fd8a0789ca3cc3c21d84cd0282481515592ef",
"id": "CVE-2017-5940-d32790e9",
"signature_version": "v1",
"target": {
"function": "skel",
"file": "src/firejail/fs_home.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "58458513071904434057973494356077185801",
"length": 2214.0
}
},
{
"deprecated": false,
"source": "https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863",
"id": "CVE-2017-5940-d5ef28bf",
"signature_version": "v1",
"target": {
"function": "copy_xauthority",
"file": "src/firejail/fs_home.c"
},
"signature_type": "Function",
"digest": {
"function_hash": "56229870580428982007061037259621692497",
"length": 681.0
}
}
]