Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 29 Jan 2017 13:14:25 +0000 (UTC)
From: Ion Ionescu <netblue30@...oo.com>
To: Sebastian Krahmer <krahmer@...e.com>, 
	"oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: Re: Firejail local root exploit

Hello,
The first fix for CVE-2017-5180 in Firejail version 0.9.44.4 and 0.9.38.8 (LTS) was incomplete. Changing .Xauthority to .bashrc in the exploit code, the problem is still there - credit Sebastian Krahmer.
New releases are out: 0.9.44.8 and 0.9.38.10 (LTS). Please assign a new CVE.
Thank you,
Ion Ionescu

      From: Sebastian Krahmer <krahmer@...e.com>
 To: oss-security@...ts.openwall.com 
Cc: netblue30@...oo.com
 Sent: Wednesday, January 4, 2017 8:12 AM
 Subject: Firejail local root exploit
   
Hi

Please find attached PoC for firejail, which seems to be quite
popular sandboxing tool.

Sebastian

-- 

~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer@...e.com - SuSE Security Team



   

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ