Vulnerabilities > CVE-2017-5180 - Missing Authorization vulnerability in Firejail Project Firejail

047910
CVSS 8.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
firejail-project
CWE-862
nessus
exploit available

Summary

Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option.

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionFirejail < 0.9.44.4 / < 0.9.38.8 LTS - Local Sandbox Escape. CVE-2017-5180. Local exploit for Linux platform
idEDB-ID:43359
last seen2017-12-19
modified2017-01-04
published2017-01-04
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/43359/
titleFirejail < 0.9.44.4 / < 0.9.38.8 LTS - Local Sandbox Escape

Nessus

NASL familyGentoo Local Security Checks
NASL idGENTOO_GLSA-201701-62.NASL
descriptionThe remote host is affected by the vulnerability described in GLSA-201701-62 (Firejail: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Firejail. Please review the CVE identifiers referenced below for details. Impact : An attacker could possibly bypass sandbox protection, cause a Denial of Service condition, or escalate privileges. Workaround : There is no known workaround at this time.
last seen2020-06-01
modified2020-06-02
plugin id96748
published2017-01-25
reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/96748
titleGLSA-201701-62 : Firejail: Multiple vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201701-62.
#
# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(96748);
  script_version("3.6");
  script_cvs_date("Date: 2019/04/10 16:10:17");

  script_cve_id("CVE-2017-5180", "CVE-2017-5206", "CVE-2017-5207");
  script_xref(name:"GLSA", value:"201701-62");

  script_name(english:"GLSA-201701-62 : Firejail: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-201701-62
(Firejail: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Firejail. Please review
      the CVE identifiers referenced below for details.
  
Impact :

    An attacker could possibly bypass sandbox protection, cause a Denial of
      Service condition, or escalate privileges.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201701-62"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All Firejail users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=sys-apps/firejail-0.9.44.4'
    All Firejail-lts users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=sys-apps/firejail-lts-0.9.38.8'"
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:firejail");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:firejail-lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/01/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/25");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"sys-apps/firejail-lts", unaffected:make_list("ge 0.9.38.8"), vulnerable:make_list("lt 0.9.38.8"))) flag++;
if (qpkg_check(package:"sys-apps/firejail", unaffected:make_list("ge 0.9.44.4"), vulnerable:make_list("lt 0.9.44.4"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Firejail");
}