| Severity |
|
| Remote |
|
| Type |
|
| Description |
| + |
A vulnerability has been found in firejail where the --x11 flag runs an X server as root and the --env flag could be used to set arbitrary environment variables. This skips runtime linker protections, for example LD_* variables for setuid executables. Therefore a non-privileged user could pop a root shell via hooking calls to getenv(3) in xauth(1). |
|
| References |
| + |
http://www.openwall.com/lists/oss-security/2017/01/05/4 |
| + |
https://github.com/netblue30/firejail/commit/3b81e1f2c331644ced87d26a943b22eed6242b8f |
| + |
https://github.com/netblue30/firejail/commit/72bc0e145c67da24e555d868086953148c52b5fc |
| + |
https://github.com/netblue30/firejail/commit/e847207df28e181a8f590ade825b5f06d4fadf17 |
| + |
https://github.com/netblue30/firejail/commit/18f6e9dc9b304f7aca291c3edce5122562b1e36c |
|
| Notes |
| + |
Bugfixes: |
| + |
https://github.com/netblue30/firejail/commit/e847207df28e181a8f590ade825b5f06d4fadf17 |
| + |
https://github.com/netblue30/firejail/commit/18f6e9dc9b304f7aca291c3edce5122562b1e36c |
|