CVE-2017-5940 — HIGH (8.8) — White Hats Nepal

Q: How severe is CVE-2017-5940?

CVE-2017-5940 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-5940?

Check the references section above for vendor advisories and patch information. Affected products include: Firejail Project Firejail.

Vulnerability Description

Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-5180.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Firejail Project	Firejail	>= 0.9.38, <= 0.9.38.10

Related Weaknesses (CWE)

CWE-269

References

http://www.openwall.com/lists/oss-security/2017/01/31/16Mailing ListPatchThird Party Advisory
http://www.securityfocus.com/bid/96221Third Party AdvisoryVDB Entry
https://firejail.wordpress.com/download-2/release-notes/Release NotesVendor Advisory
https://github.com/netblue30/firejail/commit/38d418505e9ee2d326557e5639e8da49c29Issue TrackingPatchThird Party Advisory
https://github.com/netblue30/firejail/commit/903fd8a0789ca3cc3c21d84cd0282481515Issue TrackingPatchThird Party Advisory
https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3daIssue TrackingPatchThird Party Advisory
https://security.gentoo.org/glsa/201702-03Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/01/31/16Mailing ListPatchThird Party Advisory
http://www.securityfocus.com/bid/96221Third Party AdvisoryVDB Entry
https://firejail.wordpress.com/download-2/release-notes/Release NotesVendor Advisory
https://github.com/netblue30/firejail/commit/38d418505e9ee2d326557e5639e8da49c29Issue TrackingPatchThird Party Advisory
https://github.com/netblue30/firejail/commit/903fd8a0789ca3cc3c21d84cd0282481515Issue TrackingPatchThird Party Advisory
https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3daIssue TrackingPatchThird Party Advisory
https://security.gentoo.org/glsa/201702-03Third Party Advisory

FAQ

What is CVE-2017-5940?

CVE-2017-5940 is a vulnerability with a CVSS score of 8.8 (HIGH). Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows loca...

How severe is CVE-2017-5940?

CVE-2017-5940 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-5940?

Check the references section above for vendor advisories and patch information. Affected products include: Firejail Project Firejail.