CVE-2017-5180

HIGH

Firejail <0.9.44.4 & 0.9.38.x LTS <0.9.38.8 - Sandbox-Escape

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-5180. PoCs published by Sebastian Krahmer.

AI-analyzed exploit summary This exploit leverages a race condition in Firejail to gain root privileges by manipulating /etc/ld.so.preload via a symlink attack. It uses a shared library that acts as both an executable and a preloaded library to spawn a root shell.

Description

Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option.

Exploits (1)

exploitdb WORKING POC

by Sebastian Krahmer · clocallinux

https://www.exploit-db.com/exploits/43359

View Code ZIP pw:eip

This exploit leverages a race condition in Firejail to gain root privileges by manipulating /etc/ld.so.preload via a symlink attack. It uses a shared library that acts as both an executable and a preloaded library to spawn a root shell.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Racy

Target: Firejail (tested with commit 699ab75654ad5ab7b48b067a2679c544cc8725f6)

No auth needed

Prerequisites: Firejail installed · User access to execute firejail · Write access to home directory

MITRE ATT&CK

T1548.001 - Setuid and Setgid T1574.006 - Dynamic Linker Hijacking

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/95298

Release Notes, Vendor Advisory x_refsource_misc

https://firejail.wordpress.com/download-2/release-notes/

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201701-62

Mailing List, Third Party Advisory x_refsource_misc

http://openwall.com/lists/oss-security/2017/01/04/2

Scores

CVSS v3 8.8

EPSS 0.0010

EPSS Percentile 27.1%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-862

Status published

Products (2)

firejail_project/firejail < 0.9.44.4

firejail_project/firejail 0.9.38 - 0.9.38.8

Published Feb 09, 2017

Tracked Since Feb 18, 2026