Mailinglist Archive: opensuse-bugs (4250 mails)

[Bug 1018259] New: VUL-0: CVE-2017-5180: firejail: local root exploit
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Thu, 05 Jan 2017 08:20:10 +0000
  • Message-id: <bug-1018259-21960@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=1018259


Bug ID: 1018259
Summary: VUL-0: CVE-2017-5180: firejail: local root exploit
Classification: openSUSE
Product: openSUSE.org
Version: unspecified
Hardware: Other
URL: https://smash.suse.de/issue/178257/
OS: Other
Status: NEW
Severity: Critical
Priority: P5 - None
Component: 3rd party software
Assignee: tiwai@xxxxxxxx
Reporter: astieger@xxxxxxxx
QA Contact: security-team@xxxxxxx
CC: krahmer@xxxxxxxx, tiwai@xxxxxxxx
Found By: Security Response Team
Blocker: ---

courtesy bug from the SUSE security team for a package not in the distribution:

from http://seclists.org/oss-sec/2017/q1/20

* Firejail has too broad an attack surface that allows users
* to specify a lot of options, where one of them eventually
* broke by accessing user-files while running with euid 0.

const char *const ldso = "/etc/ld.so.preload";
...
snprintf(path, sizeof(path) - 1, "%s/.firenail/.Xauthority", home);
...
symlink(ldso, path)


https://github.com/netblue30/firejail/issues/1020
https://github.com/netblue30/firejail/commit/60d4b478f65c60bcc825bb56f85fd6c4fd48b250
https://github.com/netblue30/firejail/commit/e74fdab5d2125ce8f058c1630ce7cce19cbdac16
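Added example, not code from the bug report or from the firejail project: a C sketch of the file-open pattern that defends against the bug class shown above, a process running with euid 0 being redirected through a symlink the user planted under their own home directory. Every name in it is hypothetical, and it creates its own scratch files under /tmp so it runs stand-alone as an unprivileged user.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Open a file in a user-controlled location for writing without following a
 * symlink at the final path component, then confirm on the open descriptor
 * (not on the path, which can change between check and use) that it is a
 * regular file owned by the expected user.  A privileged process that writes
 * user files this way cannot be steered into /etc by a planted symlink.
 * Returns the descriptor, or -1 with errno set (ELOOP when the last
 * component is a symlink).
 */
static int open_user_file_nofollow(const char *path, uid_t expected_owner)
{
    int fd = open(path, O_WRONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;

    struct stat st;
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) || st.st_uid != expected_owner) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/*
 * Demonstration (constructed scratch data): a regular file, a file standing
 * in for a sensitive system path, and a symlink from a user-named path to
 * that sensitive file, the shape of the problem described in the report.
 * Returns 0 when the hardened open accepts the regular file and rejects the
 * symlink with ELOOP, 1 if the behaviour differs, -1 on setup failure.
 */
int demo_symlink_defense(void)
{
    char dir[] = "/tmp/nofollow-demo-XXXXXX";
    char regular[4096], sensitive[4096], link[4096];
    int f1 = -1, f2 = -1, good = -1, bad = -1, bad_errno = 0, rc = -1;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(regular, sizeof regular, "%s/Xauthority", dir);
    snprintf(sensitive, sizeof sensitive, "%s/stand-in-for-ld.so.preload", dir);
    snprintf(link, sizeof link, "%s/Xauthority-planted-link", dir);

    f1 = open(regular, O_WRONLY | O_CREAT | O_EXCL, 0600);
    f2 = open(sensitive, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (f1 < 0 || f2 < 0)
        goto out;
    if (symlink(sensitive, link) < 0)
        goto out;

    good = open_user_file_nofollow(regular, getuid());   /* expected to succeed */
    bad = open_user_file_nofollow(link, getuid());       /* expected to fail, ELOOP */
    bad_errno = errno;
    rc = (good >= 0 && bad < 0 && bad_errno == ELOOP) ? 0 : 1;

out:
    if (f1 >= 0) close(f1);
    if (f2 >= 0) close(f2);
    if (good >= 0) close(good);
    if (bad >= 0) close(bad);
    unlink(link);
    unlink(sensitive);
    unlink(regular);
    rmdir(dir);
    return rc;
}

int main(void)
{
    int rc = demo_symlink_defense();
    printf("hardened open %s\n",
           rc == 0 ? "refused the planted symlink" : "did not behave as expected");
    return rc == 0 ? 0 : 1;
}
```

O_NOFOLLOW only covers the last path component; a symlinked intermediate directory is still followed, so a setuid program should additionally walk the path with openat() and O_NOFOLLOW per component (or openat2() with RESOLVE_NO_SYMLINKS on Linux 5.6 and later), and better still drop to the real uid/gid before touching anything under the user's home directory at all.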

Also note that Virtualization/firejail is at 0.9.44, while 0.9.44.2 has the
following:
https://firejail.wordpress.com/download-2/release-notes/

Version 0.9.44.2, Sunday, December 4, 2016

security: overwrite /etc/resolv.conf found by Martin Carpenter
security: TOCTOU exploit for --get and --put found by Daniel Hodson
security: invalid environment exploit found by Martin Carpenter
security: several security enhancements

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5180
http://seclists.org/oss-sec/2017/q1/21
