CVE-2017-5940
Publication date 9 February 2017
Last updated 17 July 2025
Ubuntu priority
Description
Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-5180.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| firejail | ||
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty | Not in release | |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
8.8 · High
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Changed |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
References
Other references
- https://github.com/netblue30/firejail/blob/0.9.44.6/RELNOTES
- https://github.com/netblue30/firejail/commit/38d418505e9ee2d326557e5639e8da49c298858f (0.9.44.6)
- https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863 (0.9.44.6)
- http://www.openwall.com/lists/oss-security/2017/01/29/4
- http://www.openwall.com/lists/oss-security/2017/01/31/16
- https://firejail.wordpress.com/download-2/release-notes/
- https://github.com/netblue30/firejail/commit/38d418505e9ee2d326557e5639e8da49c298858f
- https://github.com/netblue30/firejail/commit/903fd8a0789ca3cc3c21d84cd0282481515592ef
- https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863
- https://www.cve.org/CVERecord?id=CVE-2017-5940