Vulnerability CVE-2017-5940

Vulnerability Name:

CVE-2017-5940 (CCN-122027)

Assigned:

2017-01-31

Published:

2017-01-31

Updated:

2019-10-03

Summary:

Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option.
Note: this vulnerability exists because of an incomplete fix for CVE-2017-5180.

CVSS v3 Severity:

8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-269

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2017-5940

Source: CCN
Type: oss-sec Mailing List, Tue, 31 Jan 2017 19:21:58 +0100
Re: Re: Firejail local root exploit

Source: MISC
Type: Mailing List, Patch, Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/01/31/16

Source: BID
Type: Third Party Advisory, VDB Entry
96221

Source: XF
Type: UNKNOWN
firejail-cve20175940-sec-bypass(122027)

Source: CCN
Type: Firejail Web site
Firejail | security sandbox

Source: MISC
Type: Release Notes, Vendor Advisory
https://firejail.wordpress.com/download-2/release-notes/

Source: MISC
Type: Issue Tracking, Patch, Third Party Advisory
https://github.com/netblue30/firejail/commit/38d418505e9ee2d326557e5639e8da49c298858f

Source: MISC
Type: Issue Tracking, Patch, Third Party Advisory
https://github.com/netblue30/firejail/commit/903fd8a0789ca3cc3c21d84cd0282481515592ef

Source: MISC
Type: Issue Tracking, Patch, Third Party Advisory
https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863

Source: GENTOO
Type: Third Party Advisory
GLSA-201702-03

Vulnerable Configuration:

Configuration 1:

cpe:/a:firejail_project:firejail:*:*:*:*:lts:*:*:* (Version >= 0.9.38 and <= 0.9.38.10)

OR cpe:/a:firejail_project:firejail:*:*:*:*:*:*:*:* (Version >= 0.9.40 and <= 0.9.44.6)

Configuration CCN 1:

cpe:/a:firejail:firejail:0.9.38.4:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:com.ubuntu.xenial:def:20175940000	V	CVE-2017-5940 on Ubuntu 16.04 LTS (xenial) - untriaged.	2017-02-09
oval:com.ubuntu.xenial:def:201759400000000	V	CVE-2017-5940 on Ubuntu 16.04 LTS (xenial) - untriaged.	2017-02-09

BACK