CVSSv2: 6.9

CVE-2021-26910

Published: 08/02/2021 Updated: 23/05/2022
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
VMScore: 615
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Firejail prior to 0.9.64.4 allows malicious users to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation.


Affected products:

- firejail project: firejail
- debian: debian linux 9.0
- debian: debian linux 10.0

Vendor Advisories

Roman Fiedler discovered a vulnerability in the OverlayFS code in firejail, a sandbox program to restrict the running environment of untrusted applications, which could result in root privilege escalation. This update disables OverlayFS support in firejail. For the stable distribution (buster), this problem has been fixed in version 0.9.58.2-2+deb1 ...
Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation ...

Github Repositories

https://github.com/netblue30/firejail.git

Firejail: Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces, seccomp-bpf and Linux capabilities. It allows a process and all its descendants to have their own private view of the globally shared kernel resources, such as the network stack, process table,