FS#52381 - [firejail]local root exploit (CVE-2017-5180)
Attached to Project:
Community Packages
Opened by Filip Frackiewicz (notreallyhere) - Thursday, 05 January 2017, 21:20 GMT
Last edited by Levente Polyak (anthraxx) - Tuesday, 17 January 2017, 17:01 GMT
Opened by Filip Frackiewicz (notreallyhere) - Thursday, 05 January 2017, 21:20 GMT
Last edited by Levente Polyak (anthraxx) - Tuesday, 17 January 2017, 17:01 GMT
|
Details
Firejail has a local root exploit as of version 0.9.44.
Proof of concept: http://seclists.org/oss-sec/2017/q1/att-20/firenail_c.bin Description of the issue: http://seclists.org/oss-sec/2017/q1/21 Possible fix #1: https://github.com/hashbang/shell-etc/pull/133 And some security fixes committed on firejail's github: https://github.com/netblue30/firejail/commit/60d4b478f65c60bcc825bb56f85fd6c4fd48b250#commitcomment-20366636 |
This task depends upon
Closed by Levente Polyak (anthraxx)
Tuesday, 17 January 2017, 17:01 GMT
Reason for closing: Fixed
Additional comments about closing: 0.9.44.6-1
Tuesday, 17 January 2017, 17:01 GMT
Reason for closing: Fixed
Additional comments about closing: 0.9.44.6-1
https://github.com/netblue30/firejail/commit/60d4b478f65c60bcc825bb56f85fd6c4fd48b250
https://github.com/netblue30/firejail/commit/e74fdab5d2125ce8f058c1630ce7cce19cbdac16
https://github.com/netblue30/firejail/commit/85517885bece9209bbcace80fec115b0126263ad
https://github.com/netblue30/firejail/commit/5d43fdcd215203868d440ffc42036f5f5ffc89fc