CVE-2017-5207 log
| Source |
|
| Severity | High |
| Remote | No |
| Type | Privilege escalation |
| Description | A vulnerability has been discovered when providing a custom shell as a parameter to the firejail bandwidth command. By making this custom shell ignore the -c (for command) option, an attacker can execute an arbitrary command to, for example, obtain a root shell. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-128 | firejail | 0.9.44.2-1 | 0.9.44.10-1 | High | Fixed |
| References |
|---|
https://github.com/netblue30/firejail/issues/1023 https://github.com/netblue30/firejail/commit/5d43fdcd215203868d440ffc42036f5f5ffc89fc |