VDB
CVE-2017-5940
CVE-2017-5940
PUBLISHED
CVSS 8.800000190734863 HIGH
Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-5180.
EPSS 0.08% · 23.5th percentile
Risk Scores
CVSS 3.0
8.800000190734863
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.08%
23.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| firejail_project | firejail | 0.9.38, 0.9.40 |
| n/a | n/a | n/a |
Timeline
- Feb 9, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863 url
- GLSA-201702-03 vendor-advisory
- https://github.com/netblue30/firejail/commit/38d418505e9ee2d326557e5639e8da49c298858f url
- https://firejail.wordpress.com/download-2/release-notes/ url
- http://www.openwall.com/lists/oss-security/2017/01/31/16 url
- https://github.com/netblue30/firejail/commit/903fd8a0789ca3cc3c21d84cd0282481515592ef url
- 96221 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2017-5940 advisory
- https://firejail.wordpress.com/download-2/release-notes url