oss-sec mailing list archives
Re: Firejail local root exploit
From: Ion Ionescu <netblue30 () yahoo com>
Date: Sun, 29 Jan 2017 13:14:25 +0000 (UTC)
Hello, The first fix for CVE-2017-5180 in Firejail version 0.9.44.4 and 0.9.38.8 (LTS) was incomplete. Changing .Xauthority to .bashrc in the exploit code, the problem is still there - credit Sebastian Krahmer. New releases are out: 0.9.44.8 and 0.9.38.10 (LTS). Please assign a new CVE. Thank you, Ion Ionescu From: Sebastian Krahmer <krahmer () suse com> To: oss-security () lists openwall com Cc: netblue30 () yahoo com Sent: Wednesday, January 4, 2017 8:12 AM Subject: Firejail local root exploit Hi Please find attached PoC for firejail, which seems to be quite popular sandboxing tool. Sebastian -- ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer () suse com - SuSE Security Team
Current thread:
- Re: Re: Firejail local root exploit, (continued)
- Re: Re: Firejail local root exploit Simon McVittie (Jan 08)
- Re: Re: Firejail local root exploit Brad Spengler (Jan 08)
- Re: Re: Firejail local root exploit Martin Carpenter (Jan 08)
- Re: Re: Firejail local root exploit Lizzie Dixon (Jan 06)
- Re: Firejail local root exploit cve-assign (Jan 07)
- Re: Re: Firejail local root exploit Martin Carpenter (Jan 07)
- Re: Firejail local root exploit cve-assign (Jan 07)
- Re: Firejail local root exploit cve-assign (Jan 06)
- Re: Re: Firejail local root exploit Thomas Deutschmann (Jan 31)