Firejail Local Elevation of Privilege Vulnerability

Firejail is a SUID program designed to reduce the risk of security violations by restricting the runtime environment of untrusted applications through the use of Linux namespaces and seccomp-bpf. Firejail suffers from a local elevation of privilege vulnerability. An attacker could exploit this...

Firejail Security Bypass Vulnerability

Firejail is a set of SUID programs written in C that reduces the risk of security vulnerabilities by restricting the operating environment of untrusted applications using Linux namespaces and seccomp-bpf, a sandboxing mechanism. A security bypass vulnerability exists in Firejail. An attacker coul...

Fedora 25 : php-pear-PHP-CodeSniffer (2017-ca3f01bd37)

Version 2.8.1 - This release contains a fix for a security advisory related to the improper handling of shell commands - Uses of shellexec and exec were not escaping filenames and configuration settings in most cases - A properly crafted filename or configuration option would allow for arbitrary...

Ubuntu 14.04 LTS / 16.04 LTS : LXC vulnerability (USN-3224-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3224-1 advisory. Jann Horn discovered that LXC incorrectly verified permissions when creating virtual network interfaces. A local attacker could possibly use this issu...

Ubuntu: Security Advisory (USN-3224-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Arbitrary shell execution

Security Advisory This release contains a fix for a security advisory related to the improper handling of shell commands Uses of shellexec and exec were not escaping filenames and configuration settings in most cases A properly crafted filename or configuration option would allow for arbitrary co...

Firejail: Multiple vulnerabilities

Background A SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. Description Multiple vulnerabilities have been discovered in Firejail. Please review the CVE identifiers referenced below f...

Firejail '/etc/resolv.conf' Remote Security Bypass Vulnerability

Firejail is a suite of SUID programs written in C that reduces the risk of security vulnerabilities by restricting the operating environment of untrusted applications using Linuxnamespaces and seccomp-bpf, a sandboxing mechanism. A remote security bypass vulnerability exists in Firejail. An...

Linux Kernel Local Elevation of Privilege Vulnerability (CNVD-2016-11972)

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. Linux Kernel local elevation of privilege vulnerability. Since CAPNETRAW is required in the network namespace to create an AF-PACKET socket, it can be obtained by an...

Linux af_packet.c race condition (local root) (CVE-2016-8655)

To create AFPACKET sockets you need CAPNETRAW in your network namespace, which can be acquired by unprivileged processes on systems where unprivileged namespaces are enabled Ubuntu, Fedora, etc. It can be triggered from within containers to compromise the host kernel. On Android, processes with...

Firejail Remote Elevation of Privilege Vulnerability

Firejail is a suite of SUID programs written in C that reduces the risk of security vulnerabilities by restricting the runtime environment of untrusted applications using the Linux namespace and seccomp-bpf. A security vulnerability exists in Firejail that allows a remote attacker to exploit the...

CVE-2016-3388

Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsoft Browser Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3387...

CVE-2016-3387

Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsoft Browser Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3388...

Privilege escalation

Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsoft Browser Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3387...

Microsoft Internet Explorer and Edge Elevation of Privilege Vulnerability

Microsoft Internet Explorer IE is a Web browser developed by the American company Microsoft and is the default browser that comes with the Windows operating system. A security vulnerability exists in Microsoft Internet Explorer and Edge that fails to properly protect private namespaces, which...

kernel: compat IPT_SO_SET_REPLACE setsockopt

A flaw was discovered in processing setsockopt for 32 bit processes on 64 bit systems. This flaw will allow attackers to alter arbitrary kernel memory when unloading a kernel module. This action is usually restricted to root-privileged users but can also be leveraged if the kernel is compiled wit...

[SECURITY] Fedora 22 Update: mingw-xerces-c-3.1.4-1.fc22

Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...

[SECURITY] Fedora 24 Update: mingw-xerces-c-3.1.4-1.fc24

Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...

3: s2i builds implicitly perform docker builds

A flaw was found in OpenShift Enterprise when multi-tenant SDN is enabled and a build is run within a namespace that would normally be isolated from pods in other namespaces. If an s2i build is run in such an environment the container being built can access network resources on pods that should n...

3: logs from a deleted namespace can be revealed if a new namespace with the same name is created

It was found that OpenShift Enterprise would disclose log file contents from reclaimed namespaces. An attacker could create a new namespace to access log files present in a previously deleted namespace using the same name...