CVE-2022-31214
https://notcve.org/view.php?id=CVE-2022-31214
A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user namespace, the NO_NEW_PRIVS prctl is not activated, and the entered mount namespace is under the attacker's control. In this way, the filesystem layout can be adjusted to gain root privileges through execution of available setuid-root binaries such as su or sudo. Se ha detectado un problema de cambio de contexto de privilegios en el archivo join.c en Firejail versión 0.9.68. Al diseñar un contenedor Firejail falso que es aceptado por el programa Firejail setuid-root como objetivo de join, un atacante local puede entrar en un entorno en el que el espacio de nombres de usuario de Linux sigue siendo el espacio de nombres de usuario inicial, el prctl NO_NEW_PRIVS no está activado, y el espacio de nombres de montaje introducido está bajo el control del atacante. • https://firejail.wordpress.com/download-2/release-notes https://lists.debian.org/debian-lts-announce/2022/06/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RZOTZ36RUSL6DOVHITY25ZYKWTG5HN3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KUZZ5M6LIBYRKTKGROXC47TDC3FRTGJF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SIBEBE3KFINMGJATBQQS7D2VQQ62ZVMF https://security.gentoo.org/glsa/202305-19 h • CWE-269: Improper Privilege Management •
CVE-2021-26910
https://notcve.org/view.php?id=CVE-2021-26910
Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation. Firejail versiones anteriores a 0.9.64.4, permite a atacantes omitir las restricciones de acceso previstas porque se presenta una condición de carrera TOCTOU entre una operación de estadística y una operación de montaje OverlayFS • http://www.openwall.com/lists/oss-security/2021/02/09/1 https://github.com/netblue30/firejail/commit/97d8a03cad19501f017587cc4e47d8418273834b https://github.com/netblue30/firejail/releases/tag/0.9.64.4 https://lists.debian.org/debian-lts-announce/2021/02/msg00015.html https://security.gentoo.org/glsa/202105-19 https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-local-root https://unparalleled.eu/publications/2021/advisory-unpar-2021-0.txt https://www.debian.org/securi • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2020-17368
https://notcve.org/view.php?id=CVE-2020-17368
Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection. Firejail versiones hasta 0.9.62, maneja inapropiadamente los metacaracteres de shell durante el uso de la opción --output o --output-stderr, lo que puede conllevar a una inyección de comandos • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00036.html https://github.com/netblue30/firejail https://lists.debian.org/debian-lts-announce/2020/08/msg00033.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JFXN3JJG4DIMN4TAHOTKFMS7SGM4EOTR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W66IR5YT4KG464SKEMQN2NP2LGATGEGS https://security.gentoo.org/glsa/202101-02 https://www.debian.org/security/2020/dsa-4742 https • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2020-17367
https://notcve.org/view.php?id=CVE-2020-17367
Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection. Firejail versiones hasta 0.9.62, no respeta el indicador -- end-of-options después de la opción --output, lo que puede conllevar a una inyección de comandos • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00036.html https://github.com/netblue30/firejail https://lists.debian.org/debian-lts-announce/2020/08/msg00033.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JFXN3JJG4DIMN4TAHOTKFMS7SGM4EOTR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W66IR5YT4KG464SKEMQN2NP2LGATGEGS https://security.gentoo.org/glsa/202101-02 https://www.debian.org/security/2020/dsa-4742 https • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVE-2019-12589
https://notcve.org/view.php?id=CVE-2019-12589
In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified by an attacker. En Firejail versión anterior a la 0.9.60, los filtros seccomp son escribibles dentro de la cadena lo que conlleva a una falta de restricciones previstas de seccomp para un proceso que se une a la jaula después de que un filtro haya sido modificado por un atacante . • https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134 https://github.com/netblue30/firejail/issues/2718 https://github.com/netblue30/firejail/releases/tag/0.9.60 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CDY7B73YDRBURA25APSHD5PFEO4TNSFW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGVULJ6IKVDO6UAVIQRHQVSKOUD6QDWM • CWE-732: Incorrect Permission Assignment for Critical Resource •