oss-sec mailing list archives
Re: Firejail local root exploit
From: <cve-assign () mitre org>
Date: Wed, 4 Jan 2017 12:16:49 -0500
* Firejail has too broad an attack surface that allows users to specify a lot of options, where one of them eventually broke by accessing user-files while running with euid 0.
    const char *const ldso = "/etc/ld.so.preload";
    ...
    snprintf(path, sizeof(path) - 1, "%s/.firenail/.Xauthority", home);
    ...
    symlink(ldso, path)
Use CVE-2017-5180.
* There are some other similar races.
We feel that other races, when they are announced, should have different CVE IDs.

--
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ]
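The bug class quoted above is a process with euid 0 opening a path under the user's home after the user has replaced it with a symlink. A common defence is to open with O_NOFOLLOW and validate the descriptor with fstat. The following C is an added example, not part of the original message and not Firejail's code or its fix; `open_owned_nofollow`, `demo` and the temp-directory layout are hypothetical and constructed for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
/* Hypothetical helper for a privileged caller: open dir/name read-only, refuse
 * symlinks, accept only a regular, singly linked file owned by `owner`. */
int open_owned_nofollow(const char *dir, const char *name, uid_t owner)
{
    struct stat st;
    /* O_NOFOLLOW covers only the last component of `dir` and of `name`. */
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dfd < 0) return -1;
    /* O_NONBLOCK: do not block if the user planted a FIFO at `name`. */
    int fd = openat(dfd, name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    int saved = errno;          /* ELOOP here means `name` is a symlink */
    close(dfd);
    if (fd < 0) { errno = saved; return -1; }
    /* Check the object that was opened (fstat), never the path again. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != owner || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed demo in a fresh temp dir: returns 1 when the regular file is
 * accepted and the symlink pointing at it is refused with ELOOP. */
int demo(void)
{
    char dir[] = "/tmp/nofollow-demo-XXXXXX", real[64], lnk[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(real, sizeof real, "%s/real", dir);
    snprintf(lnk, sizeof lnk, "%s/lnk", dir);
    int fd = open(real, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || close(fd) != 0 || symlink(real, lnk) != 0) return -1;
    int ok = open_owned_nofollow(dir, "real", geteuid());
    int bad = open_owned_nofollow(dir, "lnk", geteuid());
    int refused = (bad < 0 && errno == ELOOP);
    if (ok >= 0) close(ok);
    if (bad >= 0) close(bad);
    unlink(lnk); unlink(real); rmdir(dir);
    return ok >= 0 && refused;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```

Temporarily switching the effective uid to the invoking user before touching files under their home is the complementary control, since the kernel then enforces that user's permissions on whatever the path resolves to.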