Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 29 Jan 2017 13:14:25 +0000 (UTC)
From: Ion Ionescu <>
To: Sebastian Krahmer <>, 
	"" <>
Subject: Re: Firejail local root exploit

The first fix for CVE-2017-5180 in Firejail version and (LTS) was incomplete. Changing .Xauthority to .bashrc in the exploit code, the problem is still there - credit Sebastian Krahmer.
New releases are out: and (LTS). Please assign a new CVE.
Thank you,
Ion Ionescu

      From: Sebastian Krahmer <>
 Sent: Wednesday, January 4, 2017 8:12 AM
 Subject: Firejail local root exploit

Please find attached PoC for firejail, which seems to be quite
popular sandboxing tool.



~ perl
~ $_='print"\$_=\47$_\47;eval"';eval
~ - SuSE Security Team


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ