CVE-2017-5226
https://notcve.org/view.php?id=CVE-2017-5226
When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox.
• http://www.openwall.com/lists/oss-security/2020/07/10/1
• http://www.openwall.com/lists/oss-security/2023/03/17/1
• http://www.securityfocus.com/bid/97260
• https://bugzilla.redhat.com/show_bug.cgi?id=1411811
• https://github.com/projectatomic/bubblewrap/commit/d7fc532c42f0e9bf427923bab85433282b3e5117
• https://github.com/projectatomic/bubblewrap/issues/142
• https://www.openwall.com/lists/oss-security/2023/03/14/2
• CWE-20: Improper Input Validation
CVE-2017-5524
https://notcve.org/view.php?id=CVE-2017-5524
Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method.
• http://www.openwall.com/lists/oss-security/2017/01/18/6
• http://www.securityfocus.com/bid/95679
• https://plone.org/security/hotfix/20170117/sandbox-escape
• CWE-134: Use of Externally-Controlled Format String
CVE-2017-6903
https://notcve.org/view.php?id=CVE-2017-6903
Executable bytecode in a malicious auto-downloaded file can set configuration variables to values that will result in unwanted native code DLLs being loaded, resulting in sandbox escape. ...
• http://www.debian.org/security/2017/dsa-3812
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857699
• https://github.com/JACoders/OpenJK/commit/8956a35e7b91c4a0dd1fa6db1d28c7f0efbab2d7
• https://github.com/ioquake/ioq3/commit/376267d534476a875d8b9228149c4ee18b74a4fd
• https://github.com/ioquake/ioq3/commit/b173ac05993f634a42be3d3535e1b158de0c3372
• https://github.com/ioquake/ioq3/commit/f61fe5f6a0419ef4a88d46a128052f2e8352e85d
• https://github.com/iortcw/iortcw/commit/11a83410153756ae350a82ed41b08d128ff7f998
• https://github.com/iortcw/iortcw/commit/b248763e4
CVE-2016-4617
https://notcve.org/view.php?id=CVE-2016-4617
The issue involves a sandbox escape related to launchctl process spawning in the "libxpc" component. ...
• http://www.securityfocus.com/bid/96329
• https://support.apple.com/HT207170
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2017-5940
https://notcve.org/view.php?id=CVE-2017-5940
Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. ...
• http://www.openwall.com/lists/oss-security/2017/01/31/16
• http://www.securityfocus.com/bid/96221
• https://firejail.wordpress.com/download-2/release-notes
• https://github.com/netblue30/firejail/commit/38d418505e9ee2d326557e5639e8da49c298858f
• https://github.com/netblue30/firejail/commit/903fd8a0789ca3cc3c21d84cd0282481515592ef
• https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863
• https://security.gentoo.org/glsa/201702-03
• CWE-269: Improper Privilege Management