Lucene search

Ubuntu.comUB:CVE-2017-5180

HistoryFeb 09, 2017 - 12:00 a.m.

CVE-2017-5180

2017-02-0900:00:00

ubuntu.com

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

26.8%

JSON

Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not
consider the .Xauthority case during its attempt to prevent accessing user
files with an euid of zero, which allows local users to conduct
sandbox-escape attacks via vectors involving a symlink and the --private
option.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchfirejail< 0.9.38-1ubuntu0.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	16.04	noarch	firejail	< 0.9.38-1ubuntu0.1	UNKNOWN

References

www.openwall.com/lists/oss-security/2017/01/04/1

www.openwall.com/lists/oss-security/2017/01/05/1

github.com/netblue30/firejail/issues/1020

launchpad.net/bugs/cve/CVE-2017-5180

nvd.nist.gov/vuln/detail/CVE-2017-5180

security-tracker.debian.org/tracker/CVE-2017-5180

www.cve.org/CVERecord?id=CVE-2017-5180

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

26.8%

JSON

Related for UB:CVE-2017-5180