oss-sec mailing list archives
Re: Re: Firejail local root exploit
From: Marcus Meissner <meissner () suse de>
Date: Fri, 6 Jan 2017 11:11:53 +0100
Hi Mitre,

On Wed, Jan 04, 2017 at 12:16:49PM -0500, cve-assign () mitre org wrote:
> * Firejail has too broad attack surface that allows users
> * to specify a lot of options, where one of them eventually
> * broke by accessing user-files while running with euid 0.
>
> const char *const ldso = "/etc/ld.so.preload";
> ...
> snprintf(path, sizeof(path) - 1, "%s/.firenail/.Xauthority", home);
> ...
> symlink(ldso, path)
>
> Use CVE-2017-5180.

Is this correct? It starts quite far into the 2017 namespace?
Or have other CNAs allocated the previous 5000?

Ciao, Marcus
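The quoted fragment concerns a process with euid 0 writing to a path in the user's home that the user has replaced with a symlink. As an added example (not part of the original message and not Firejail's code or its actual fix), this is one defensive pattern for that bug class: open the file without following a symlink in the final component, then check what was opened. The helper names and the scratch-directory scenario are hypothetical and constructed for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open or create `name` in `dir` for writing; never follow a symlink in the
 * final component (errno == ELOOP then). Hypothetical helper, not Firejail's. */
int open_user_file_nofollow(const char *dir, const char *name)
{
    struct stat st;
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dfd < 0) return -1;
    int fd = openat(dfd, name, O_WRONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    int saved = errno;
    close(dfd);
    errno = saved;
    if (fd < 0) return -1;
    /* Check what was actually opened: a regular file with a single link. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed scenario: "victim" stands in for a root-owned file and
 * ".Xauthority" is a symlink to it. Returns 1 when the defence holds. */
int demo_symlink_rejected(void)
{
    char dir[] = "/tmp/nofollow-demo-XXXXXX", victim[64], lnk[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/.Xauthority", dir);
    if (symlink(victim, lnk) != 0) return -1;
    int fd = open_user_file_nofollow(dir, ".Xauthority");
    int refused = (fd < 0 && errno == ELOOP && access(victim, F_OK) != 0);
    unlink(lnk);                      /* remove the planted symlink */
    int ok = open_user_file_nofollow(dir, ".Xauthority");
    if (ok >= 0) close(ok);
    unlink(lnk);                      /* clean up the regular file */
    rmdir(dir);
    return refused && ok >= 0;
}

int main(void) { return demo_symlink_rejected() == 1 ? 0 : 1; }
```

`O_NOFOLLOW` only covers the last path component; a privileged program would also perform such accesses with the invoking user's credentials rather than euid 0.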