Bugzilla – Bug 1018259
VUL-0: CVE-2017-5180: firejail: local root exploit
Last modified: 2017-01-05 16:33:30 UTC
courtesy bug from the SUSE security team for a package not in the distribution:

from http://seclists.org/oss-sec/2017/q1/20

> * Firejail has too broad attack surface that allows users
> * to specify a lot of options, where one of them eventually
> * broke by accessing user-files while running with euid 0.
>
> const char *const ldso = "/etc/ld.so.preload";
> ...
> snprintf(path, sizeof(path) - 1, "%s/.firenail/.Xauthority", home);
> ...
> symlink(ldso, path)

https://github.com/netblue30/firejail/issues/1020
https://github.com/netblue30/firejail/commit/60d4b478f65c60bcc825bb56f85fd6c4fd48b250
https://github.com/netblue30/firejail/commit/e74fdab5d2125ce8f058c1630ce7cce19cbdac16

Also note that Virtualization/firejail is at 0.9.44, while 0.9.44.2 has the following:

https://firejail.wordpress.com/download-2/release-notes/

> Version 0.9.44.2, Sunday, December 4, 2016
>
> security: overwrite /etc/resolv.conf found by Martin Carpenter
> security: TOCTOU exploit for --get and --put found by Daniel Hodson
> security: invalid environment exploit found by Martin Carpenter
> security: several security enhancements

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5180
http://seclists.org/oss-sec/2017/q1/21
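The report quoted above describes privileged code (euid 0) touching a file under the user's home directory, where the user can plant a symlink. The following is an added example of a defensive open for that situation; it is not code from firejail or from its fix commits, and the names `open_user_file` and `demo` are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open `path` read-only without following a symlink,
 * and accept it only if it is a regular, singly-linked file owned by `owner`.
 * Returns an fd, or -1 with errno set. */
int open_user_file(const char *path, uid_t owner)
{
    /* O_NOFOLLOW: fail with ELOOP if the last component is a symlink.
     * O_NONBLOCK: do not hang if the user planted a FIFO instead. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    struct stat st;
    /* fstat() the descriptor, not the path, so check and use cannot diverge. */
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != owner || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed scenario: a scratch "home" holding a real file and a symlink.
 * Returns 3 when the real file is accepted (bit 0) and the symlink is
 * rejected with ELOOP (bit 1). */
int demo(void)
{
    char dir[] = "/tmp/homeXXXXXX", real[64], lnk[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(real, sizeof real, "%s/real", dir);
    snprintf(lnk, sizeof lnk, "%s/.Xauthority", dir);
    int fd = open(real, O_CREAT | O_WRONLY | O_EXCL, 0600);
    if (fd < 0) return -1;
    close(fd);
    if (symlink(real, lnk) < 0) return -1;
    int ok = open_user_file(real, getuid());
    int bad = open_user_file(lnk, getuid());
    int result = (ok >= 0 ? 1 : 0) | (bad < 0 && errno == ELOOP ? 2 : 0);
    if (ok >= 0) close(ok);
    if (bad >= 0) close(bad);
    unlink(lnk); unlink(real); rmdir(dir);
    return result;
}

int main(void) { int r = demo(); printf("demo=%d\n", r); return r == 3 ? 0 : 1; }
```

`O_NOFOLLOW` only covers the final path component, so a symlinked intermediate directory is not caught by this check. Switching to the user's own uid before touching anything under the home directory covers that case as well.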
Submitted with the update to 0.9.44.2 and the two fix patches now. Thanks.
Is the CVE correct? It is quite high for a 2017 one.
(In reply to Marcus Meissner from comment #2)
> Is the CVE correct? It is quite high for a 2017 one.

From http://seclists.org/oss-sec/2017/q1/21

> Use CVE-2017-5180.