// For flags

CVE-2017-5940

Gentoo Linux Security Advisory 201702-03

Severity Score

8.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-5180.

Firejail en versiones anteriores a 0.9.44.6 y 0.9.38.x LTS en versiones anteriores a 0.9.38.10 LTS no aborda exhaustivamente los casos dotfile durante su intento de impedir el acceso a los archivos de usuario con un euid de cero, lo que permite a usuarios locales llevar a cabo ataques sybox-escape a través de vectores que implican un enlace simbólico y la opción --private. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2017-5180.

Firejail is vulnerable to the escalation of privileges due to an incomplete fix for CVE-2017-5180. Versions less than 0.9.44.8 are affected.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-02-09 CVE Reserved
  • 2017-02-09 CVE Published
  • 2024-08-05 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-269: Improper Privilege Management
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Firejail Project
Search vendor "Firejail Project"
 Firejail
Search vendor "Firejail Project" for product "Firejail"
 >= 0.9.38 <= 0.9.38.10
Search vendor "Firejail Project" for product "Firejail" and version " >= 0.9.38 <= 0.9.38.10"
lts
Affected
Firejail Project
Search vendor "Firejail Project"
 Firejail
Search vendor "Firejail Project" for product "Firejail"
 >= 0.9.40 <= 0.9.44.6
Search vendor "Firejail Project" for product "Firejail" and version " >= 0.9.40 <= 0.9.44.6"
-
Affected