CVE-2017-5226

Опубликовано: 29 мар. 2017

Источник: nvd

CVSS3: 10

CVSS2: 7.5

EPSS Низкий

Описание

When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox.

Ссылки

http://www.openwall.com/lists/oss-security/2020/07/10/1
http://www.openwall.com/lists/oss-security/2023/03/17/1
http://www.securityfocus.com/bid/97260
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1411811
Issue Tracking
Patch
https://github.com/projectatomic/bubblewrap/commit/d7fc532c42f0e9bf427923bab85433282b3e5117
Patch
https://github.com/projectatomic/bubblewrap/issues/142
Exploit
Patch
Vendor Advisory
https://www.openwall.com/lists/oss-security/2023/03/14/2
http://www.openwall.com/lists/oss-security/2020/07/10/1
http://www.openwall.com/lists/oss-security/2023/03/17/1
http://www.securityfocus.com/bid/97260
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1411811
Issue Tracking
Patch
https://github.com/projectatomic/bubblewrap/commit/d7fc532c42f0e9bf427923bab85433282b3e5117
Patch
https://github.com/projectatomic/bubblewrap/issues/142
Exploit
Patch
Vendor Advisory
https://www.openwall.com/lists/oss-security/2023/03/14/2

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:projectatomic:bubblewrap:*:*:*:*:*:*:*:*

Версия до 0.1.5 (включая)

EPSS

Процентиль: 92%

0.08848

Низкий

10 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2017-5226

CVSS3: 10

ubuntu

почти 9 лет назад

CVE-2017-5226

CVSS3: 10

debian

почти 9 лет назад

When executing a program via the bubblewrap sandbox, the nonpriv sessi ...

GHSA-m28g-vfcm-85ff

CVSS3: 10

github

больше 3 лет назад

EPSS

Процентиль: 92%

0.08848

Низкий

10 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-20