oss-sec mailing list archives

Re: Firejail local root exploit

From: Ion Ionescu <netblue30 () yahoo com>
Date: Sun, 29 Jan 2017 13:14:25 +0000 (UTC)

Hello,
The first fix for CVE-2017-5180 in Firejail version 0.9.44.4 and 0.9.38.8 (LTS) was incomplete. Changing .Xauthority to 
.bashrc in the exploit code, the problem is still there - credit Sebastian Krahmer.
New releases are out: 0.9.44.8 and 0.9.38.10 (LTS). Please assign a new CVE.
Thank you,
Ion Ionescu

      From: Sebastian Krahmer <krahmer () suse com>
 To: oss-security () lists openwall com 
Cc: netblue30 () yahoo com
 Sent: Wednesday, January 4, 2017 8:12 AM
 Subject: Firejail local root exploit

Hi

Please find attached PoC for firejail, which seems to be quite
popular sandboxing tool.

Sebastian

-- 

~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer () suse com - SuSE Security Team

Current thread:

Re: Re: Firejail local root exploit, (continued)
- - - Re: Re: Firejail local root exploit Simon McVittie (Jan 08)
    - Re: Re: Firejail local root exploit Brad Spengler (Jan 08)
    - Re: Re: Firejail local root exploit Martin Carpenter (Jan 08)
    - Re: Re: Firejail local root exploit Lizzie Dixon (Jan 06)
    - Re: Firejail local root exploit cve-assign (Jan 07)
    - Re: Re: Firejail local root exploit Martin Carpenter (Jan 07)
    - Re: Firejail local root exploit cve-assign (Jan 07)
  - Re: Re: Firejail local root exploit Marcus Meissner (Jan 06)
    - Re: Firejail local root exploit cve-assign (Jan 06)
- Re: Firejail local root exploit KellerFuchs (Jan 05)
- Re: Firejail local root exploit Ion Ionescu (Jan 29)
  - Re: Re: Firejail local root exploit Thomas Deutschmann (Jan 31)
- Re: Re: Firejail local root exploit Thomas Deutschmann (Feb 09)