Date: Sun, 29 Jan 2017 13:14:25 +0000 (UTC) From: Ion Ionescu <netblue30@...oo.com> To: Sebastian Krahmer <krahmer@...e.com>, "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com> Subject: Re: Firejail local root exploit Hello, The first fix for CVE-2017-5180 in Firejail version 0.9.44.4 and 0.9.38.8 (LTS) was incomplete. Changing .Xauthority to .bashrc in the exploit code, the problem is still there - credit Sebastian Krahmer. New releases are out: 0.9.44.8 and 0.9.38.10 (LTS). Please assign a new CVE. Thank you, Ion Ionescu From: Sebastian Krahmer <krahmer@...e.com> To: oss-security@...ts.openwall.com Cc: netblue30@...oo.com Sent: Wednesday, January 4, 2017 8:12 AM Subject: Firejail local root exploit Hi Please find attached PoC for firejail, which seems to be quite popular sandboxing tool. Sebastian -- ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer@...e.com - SuSE Security Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ