
5 matches found

Prion
added 2017/02/09 6:59 p.m. | 15 views

Code injection

Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private optio...

4.6 CVSS | 8.3 AI score | 0.00742 EPSS
Exploits: 0 | References: 7 | Affected Software: 1
OSV
added 2017/02/09 6:59 p.m. | 15 views

CVE-2017-5180

Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option...

8.8 CVSS | 8.2 AI score
Exploits: 0 | References: 4
CVE
added 2017/02/09 6:0 p.m. | 58 views

CVE-2017-5180

CVE-2017-5180 affects Firejail prior to 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS. The issue is that the .Xauthority case is not considered when preventing access to user files for an euid 0 sandbox, enabling local sandbox-escape attacks via a symlink and the --private option. Reported impac...

8.8 CVSS | 8 AI score | 0.00742 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2017/02/09 6:0 p.m. | 33 views

CVE-2017-5180

Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option...

8.2 AI score | 0.00742 EPSS
Exploits: 0 | References: 4
ALT Linux
added 2017/01/08 12:0 a.m. | 17 views

Security fix for the ALT Linux 10 package firejail version 0.9.44.4-alt1

Jan. 8, 2017 Anton Midyukov 0.9.44.4-alt1
- new version 0.9.44.4
- Update for release with security fixes:
  - CVE-2017-5207 -bandwidth root shell found by Martin Carpenter
  - CVE-2017-5206 disabled --allow-debuggers when running on kernel 4.8
  - CVE-2017-5180 root exploit found by Sebastian Krahmer...

7.2 CVSS | 8.2 AI score | 0.01937 EPSS
Exploits: 0