CVE-2017-5207

Published: 23/03/2017 Updated: 03/10/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Firejail prior to 0.9.44.4, when running a bandwidth command, allows local users to gain root privileges via the --shell argument.

Vulnerable Product

firejail project firejail

Vendor Advisories

Debian Bug report logs - #850528: firejail: CVE-2017-5207: root shell via --bandwidth and --shell. Package: src:firejail; Maintainer for src:firejail is Reiner Herrmann <reiner@reiner-hde>; Reported by: Salvatore Bonaccorso <carnil@debianorg>; Date: Sat, 7 Jan 2017 13:36:01 UTC; Severity: grave; Tags: fixed-upstream, p ...
Debian Bug report logs - #850558: firejail: CVE-2017-5206. Package: src:firejail; Maintainer for src:firejail is Reiner Herrmann <reiner@reiner-hde>; Reported by: Salvatore Bonaccorso <carnil@debianorg>; Date: Sat, 7 Jan 2017 18:18:02 UTC; Severity: grave; Tags: fixed-upstream, patch, security, upstream; Found in versi ...
A vulnerability has been discovered when providing a custom shell as a parameter to the firejail bandwidth command. By making this custom shell ignore the -c (for command) option, an attacker can execute an arbitrary command to, for example, obtain a root shell ...