CVE-2017-5940
HIGH
Firejail 0.9.38-0.9.38.9 LTS and 0.9.40-0.9.44.5 - Sandbox Escape via Symlink and --private Option
Title source: llm
Description
Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-5180.
References (7)
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201702-03
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/netblue30/firejail/commit/38d418505e9ee2d326557e5639e8da49c298858f
Release Notes, Vendor Advisory x_refsource_misc
https://firejail.wordpress.com/download-2/release-notes/
Mailing List, Patch, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2017/01/31/16
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/netblue30/firejail/commit/903fd8a0789ca3cc3c21d84cd0282481515592ef
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/96221
Scores
CVSS v3: 8.8
EPSS: 0.0036
EPSS Percentile: 27.9%
Attack Vector: LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Details
CWE: CWE-269
Status: published
Products (2)
firejail_project/firejail: 0.9.38 - 0.9.38.10
firejail_project/firejail: 0.9.40 - 0.9.44.6
Published: Feb 09, 2017
Tracked Since: Feb 18, 2026