CVE-2017-5207 - log back

CVE-2017-5207 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Privilege escalation
Description
+ A vulnerability has been discovered when providing a custom shell as a parameter to the firejail bandwidth command. By making this custom shell ignore the -c (for command) option, an attacker can execute an arbitrary command to, for example, obtain a root shell.
References
+ https://github.com/netblue30/firejail/issues/1023
+ https://github.com/netblue30/firejail/commit/5d43fdcd215203868d440ffc42036f5f5ffc89fc
Notes