Vulnerability Details CVE-2017-5207
Firejail before 0.9.44.4, when running a bandwidth command, allows local users to gain root privileges via the --shell argument.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 9.7%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
- http://www.openwall.com/lists/oss-security/2017/01/07/6
- http://www.securityfocus.com/bid/97385
- https://firejail.wordpress.com/download-2/release-notes/
- https://github.com/netblue30/firejail/commit/5d43fdcd215203868d440ffc42036f5f5ffc89fc
- https://github.com/netblue30/firejail/issues/1023
- https://security.gentoo.org/glsa/201701-62
- http://www.openwall.com/lists/oss-security/2017/01/07/6
- http://www.securityfocus.com/bid/97385
- https://firejail.wordpress.com/download-2/release-notes/
- https://github.com/netblue30/firejail/commit/5d43fdcd215203868d440ffc42036f5f5ffc89fc
- https://github.com/netblue30/firejail/issues/1023
- https://security.gentoo.org/glsa/201701-62
Products affected by CVE-2017-5207
-
cpe:2.3:a:firejail_project:firejail:-
-
cpe:2.3:a:firejail_project:firejail:0.9
-
cpe:2.3:a:firejail_project:firejail:0.9.10
-
cpe:2.3:a:firejail_project:firejail:0.9.12
-
cpe:2.3:a:firejail_project:firejail:0.9.12.1
-
cpe:2.3:a:firejail_project:firejail:0.9.12.2
-
cpe:2.3:a:firejail_project:firejail:0.9.14
-
cpe:2.3:a:firejail_project:firejail:0.9.16
-
cpe:2.3:a:firejail_project:firejail:0.9.2
-
cpe:2.3:a:firejail_project:firejail:0.9.20
-
cpe:2.3:a:firejail_project:firejail:0.9.22
-
cpe:2.3:a:firejail_project:firejail:0.9.24
-
cpe:2.3:a:firejail_project:firejail:0.9.26
-
cpe:2.3:a:firejail_project:firejail:0.9.28
-
cpe:2.3:a:firejail_project:firejail:0.9.30
-
cpe:2.3:a:firejail_project:firejail:0.9.32
-
cpe:2.3:a:firejail_project:firejail:0.9.34
-
cpe:2.3:a:firejail_project:firejail:0.9.36
-
cpe:2.3:a:firejail_project:firejail:0.9.38
-
cpe:2.3:a:firejail_project:firejail:0.9.38.10
-
cpe:2.3:a:firejail_project:firejail:0.9.38.12
-
cpe:2.3:a:firejail_project:firejail:0.9.38.2
-
cpe:2.3:a:firejail_project:firejail:0.9.38.4
-
cpe:2.3:a:firejail_project:firejail:0.9.38.6
-
cpe:2.3:a:firejail_project:firejail:0.9.38.8
-
cpe:2.3:a:firejail_project:firejail:0.9.4
-
cpe:2.3:a:firejail_project:firejail:0.9.40
-
cpe:2.3:a:firejail_project:firejail:0.9.42
-
cpe:2.3:a:firejail_project:firejail:0.9.44
-
cpe:2.3:a:firejail_project:firejail:0.9.44.2
-
cpe:2.3:a:firejail_project:firejail:0.9.6
-
cpe:2.3:a:firejail_project:firejail:0.9.8
-
cpe:2.3:a:firejail_project:firejail:0.9.8.1