Lucene search
Veracode Vulnerability DatabaseVERACODE:29312HistoryFeb 09, 2021 - 8:07 a.m.
Access Control Bypass
2021-02-0908:07:46
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
0.001 Low
EPSS
Percentile
29.7%
Firejail is vulnerable to access control bypass. A TOCTOU race condition between a stat operation and an OverlayFS mount operation allows an attacker to bypass access controls.
| CPE | Name | Operator | Version |
|---|---|---|---|
| firejail:sid | eq | 0.9.64-1 | |
| firejail:buster | eq | 0.9.58.2-2+deb10u1 | |
| firejail:bullseye | eq | 0.9.64-1 | |
| firejail:3.13 | eq | 0.9.64-r0 |
References
www.openwall.com/lists/oss-security/2021/02/09/1
github.com/netblue30/firejail/commit/97d8a03cad19501f017587cc4e47d8418273834b
github.com/netblue30/firejail/releases/tag/0.9.64.4
lists.debian.org/debian-lts-announce/2021/02/msg00015.html
security-tracker.debian.org/tracker/CVE-2021-26910
security.gentoo.org/glsa/202105-19
unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-local-root/
unparalleled.eu/publications/2021/advisory-unpar-2021-0.txt
www.debian.org/security/2021/dsa-4849
Related
osv
osv
firejail - security update
2021-02-09 00:00:00
CVE-2021-26910
2021-02-08 20:15:13
firejail - security update
2021-02-11 00:00:00
cve
cve
CVE-2021-26910
2021-02-08 20:15:13
ubuntucve
ubuntucve
CVE-2021-26910
2021-02-08 00:00:00
debian
debian
[SECURITY] [DSA 4849-1] firejail security update
2021-02-09 21:18:28
[SECURITY] [DLA 2554-1] firejail security update
2021-02-11 06:45:23
[SECURITY] [DSA 4849-1] firejail security update
2021-02-09 21:18:28
archlinux
archlinux
[ASA-202102-26] firejail: privilege escalation
2021-02-12 00:00:00
nessus
nessus
Ubuntu 20.04 LTS : Firejail vulnerability (USN-5141-1)
2021-11-11 00:00:00
Debian DLA-2554-1 : firejail security update
2021-02-12 00:00:00
Debian DSA-4849-1 : firejail - security update
2021-02-10 00:00:00
alpinelinux
alpinelinux
CVE-2021-26910
2021-02-08 20:15:13
prion
prion
Race condition
2021-02-08 20:15:00
openvas
openvas
Debian: Security Advisory (DSA-4849-1)
2021-02-10 00:00:00
Mageia: Security Advisory (MGASA-2021-0120)
2022-01-28 00:00:00
Ubuntu: Security Advisory (USN-5141-1)
2021-11-12 00:00:00
gentoo
gentoo
Firejail: Privilege escalation
2021-05-26 00:00:00
ubuntu
ubuntu
Firejail vulnerability
2021-11-11 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2289
2023-11-07 09:51:32
debiancve
debiancve
CVE-2021-26910
2021-02-08 20:15:13
mageia
mageia
Updated firejail package fixes a security vulnerability
2021-03-12 04:25:47
redhatcve
redhatcve
CVE-2021-26910
2022-05-21 00:04:53
nvd
nvd
CVE-2021-26910
2021-02-08 20:15:13
cvelist
cvelist
CVE-2021-26910
2021-02-08 19:56:38
suse
suse
Security update for firejail (important)
2021-02-10 00:00:00