CVE-2017-5206 — CRITICAL (9.0)

Q: What is CVE-2017-5206?

CVE-2017-5206 is a vulnerability with a CVSS score of 9.0 (CRITICAL). Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers to bypass a seccomp-based sandbox protection mechanism via the --allow-debuggers argument.

Q: How severe is CVE-2017-5206?

CVE-2017-5206 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2017-5206?

Check the references section above for vendor advisories and patch information. Affected products include: Firejail Project Firejail, Linux Linux Kernel.

Vulnerability Description

Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers to bypass a seccomp-based sandbox protection mechanism via the --allow-debuggers argument.

CVSS Score

9.0

CRITICAL

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Firejail Project	Firejail	< 0.9.44.4
Linux	Linux Kernel	< 4.8

References

http://www.openwall.com/lists/oss-security/2017/01/07/5Mailing ListPatchThird Party Advisory
http://www.securityfocus.com/bid/97120Third Party AdvisoryVDB Entry
https://blog.lizzie.io/linux-containers-in-500-loc.html#fn.51Third Party Advisory
https://firejail.wordpress.com/download-2/release-notes/Release NotesVendor Advisory
https://github.com/netblue30/firejail/commit/6b8dba29d73257311564ee7f27b9b14758cIssue TrackingPatchThird Party Advisory
https://security.gentoo.org/glsa/201701-62PatchThird Party AdvisoryVDB Entry
http://www.openwall.com/lists/oss-security/2017/01/07/5Mailing ListPatchThird Party Advisory
http://www.securityfocus.com/bid/97120Third Party AdvisoryVDB Entry
https://blog.lizzie.io/linux-containers-in-500-loc.html#fn.51Third Party Advisory
https://firejail.wordpress.com/download-2/release-notes/Release NotesVendor Advisory
https://github.com/netblue30/firejail/commit/6b8dba29d73257311564ee7f27b9b14758cIssue TrackingPatchThird Party Advisory
https://security.gentoo.org/glsa/201701-62PatchThird Party AdvisoryVDB Entry

FAQ

What is CVE-2017-5206?

CVE-2017-5206 is a vulnerability with a CVSS score of 9.0 (CRITICAL). Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers to bypass a seccomp-based sandbox protection mechanism via the --allow-debuggers argument.

How severe is CVE-2017-5206?

CVE-2017-5206 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2017-5206?

Check the references section above for vendor advisories and patch information. Affected products include: Firejail Project Firejail, Linux Linux Kernel.