Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 25 Oct 2016 12:51:08 -0400 (EDT)
From: cve-assign@...re.org
To: corsac@...ian.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, up201407890@...nos.dcc.fc.up.pt, netblue30@...oo.com, team@...urity.debian.org
Subject: Re: CVE-2016-7545 -- SELinux sandbox escape - Firejail is CVE-2016-9016

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> On Sun, 2016-09-25 at 13:49 +0200, up201407890@...nos.dcc.fc.up.pt wrote:
>> When executing a program via the SELinux sandbox, the nonpriv session
>> can escape to the parent session by using the TIOCSTI ioctl to push
>> characters into the terminal's input buffer, allowing an attacker to
>> escape the sandbox.

> it seems that firejail was affected by the same vulnerability, which
> was fixed in 0.9.44 with
> https://github.com/netblue30/firejail/commit/46dc2b34f1fbbc4597b4ff9f6a3cb28b2d500d1b
> 
> The commit log reuses the CVE-2016-7545 number, but I guess a new one
> should be assigned since they don't share the same codebase?

The ID for the similar Firejail vulnerability is CVE-2016-9016.
An additional reference is:

  https://firejail.wordpress.com/download-2/release-notes/

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYD4z3AAoJEHb/MwWLVhi24ewQAIgsLJF0ToaKXKahu7nzwYxk
R4AnRxXuzA0eLbvH+jqGQxE0NbIlf394O7IwGv6gDLpwAvN0KbgtyEMqrBZ270+L
UOzydUS4i9Ntlp6e2k/1CLr7Jihphjo60qclGgJEzq187qALfmFyi7H56NWpjBLX
1JZs7vL3po8ehmEOweb+UdstVrene2UcvX9TZRNGP4GOO1XJ7/VrnvhDBxCNpONR
0M2F98Jb9XY/jx4Agur64xRrvE3GiuY4S5GC+JOTBcbCXc7l2o+rOXOOEbuOYkxP
5znGPpya92D6bjDe1LNZ+SntH73vEGJXUHRvqLrZAdRZ4YQCPAxvI87AHNh7e2o8
a5QayZCYd0QVvHX2fa2lzDOQ2MV8adWj/IU1C6TRNThEQQgZzMvvqtl0nOcdetYh
blQo8n4WqdRRK3SeBB2z8lnzF3b5H79/PJCUSCI35gT39kw47GetwdtzrEODrl4E
LxRsl8XsmamWA0qq8DhWg7YlGMSYgx7on8gTyh73lN87cSziq26OnZEuAK1uQbcI
Ag0OllszMHJMIBY7CxgxAfNcEc91LPwmcNXSSybxJ0QJcFzSnKgWgQqvYLYOcfH7
olobW7zvnXr9rpYODd9P+EzXBWbvRKzp8tMUljb20jC8DZ49slCwkW+TzfloG6Q3
kvg8DcdSvh+XK8FzieDu
=I0E8
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ