Описание
Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 0.9.44.8-1 |
| esm-apps/xenial | released | 0.9.38-1ubuntu0.1 |
| esm-infra-legacy/trusty | DNE | |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 0.9.44.2-2 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
4.6 Medium
CVSS2
8.8 High
CVSS3
Связанные уязвимости
Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option.
Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not ...
Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option.
4.6 Medium
CVSS2
8.8 High
CVSS3