Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 25 Oct 2016 09:29:02 +0200
From: Yves-Alexis Perez <corsac@...ian.org>
To: oss-security@...ts.openwall.com, up201407890@...nos.dcc.fc.up.pt,
 netblue30 <netblue30@...oo.com>
Cc: team@...urity.debian.org
Subject: Re: CVE-2016-7545 -- SELinux sandbox escape

On Sun, 2016-09-25 at 13:49 +0200, up201407890@...nos.dcc.fc.up.pt wrote:
> When executing a program via the SELinux sandbox, the nonpriv session
> can escape to the parent session by using the TIOCSTI ioctl to push
> characters into the terminal's input buffer, allowing an attacker to
> escape the sandbox.

Hi,

it seems that firejail was affected by the same vulnerability, which was fixed
in 0.9.44 with https://github.com/netblue30/firejail/commit/46dc2b34f1fbbc4597
b4ff9f6a3cb28b2d500d1b

The commit log reuses the CVE-2016-7545 number, but I guess a new one should
be assigned since they don't share the same codebase?

Regards,
-- 
Yves-Alexis Perez - Debian Security


[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ