Date: Fri, 6 Jan 2017 11:11:53 +0100
From: Marcus Meissner <meissner@...e.de>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Re: Re: Firejail local root exploit

Hi Mitre,

On Wed, Jan 04, 2017 at 12:16:49PM -0500, cve-assign@...re.org wrote:
> >  * Firejail has too broad attack surface that allows users
> >  * to specify a lot of options, where one of them eventually
> >  * broke by accessing user-files while running with euid 0.
> 
> > const char *const ldso = "/etc/ld.so.preload";
> > ...
> > snprintf(path, sizeof(path) - 1, "%s/.firenail/.Xauthority", home);
> > ...
> > symlink(ldso, path)
> 
> Use CVE-2017-5180.

Is this correct? It starts quite far into the 2017 namespace?

Or have other CNAs allocated the previous 5000?

Ciao, Marcus
