Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 25 Oct 2016 17:51:11 +0200
From: up201407890@...nos.dcc.fc.up.pt
To: "Yves-Alexis Perez" <corsac@...ian.org>
Cc: oss-security@...ts.openwall.com, netblue30 <netblue30@...oo.com>,
	team@...urity.debian.org, cve-assign@...re.org
Subject: Re: CVE-2016-7545 -- SELinux sandbox escape

Quoting "Yves-Alexis Perez" <corsac@...ian.org>:

> On Sun, 2016-09-25 at 13:49 +0200, up201407890@...nos.dcc.fc.up.pt wrote:
>> When executing a program via the SELinux sandbox, the nonpriv session
>> can escape to the parent session by using the TIOCSTI ioctl to push
>> characters into the terminal's input buffer, allowing an attacker to
>> escape the sandbox.
>
> Hi,
>
> it seems that firejail was affected by the same vulnerability, which  
> was fixed
> in 0.9.44 with  
> https://github.com/netblue30/firejail/commit/46dc2b34f1fbbc4597
> b4ff9f6a3cb28b2d500d1b
>
> The commit log reuses the CVE-2016-7545 number, but I guess a new one should
> be assigned since they don't share the same codebase?
>
> Regards,
> --
> Yves-Alexis Perez - Debian Security

Think so, CC'ing mitre.


----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.