---

CVE-2017-5207 - log back

CVE-2017-5207 created at 25 Sep 2019 19:31:40
Severity	+ High
Remote	+ Local
Type	+ Privilege escalation
Description	+ A vulnerability has been discovered when providing a custom shell as a parameter to the firejail bandwidth command. By making this custom shell ignore the -c (for command) option, an attacker can execute an arbitrary command to, for example, obtain a root shell.
References	+ https://github.com/netblue30/firejail/issues/1023 + https://github.com/netblue30/firejail/commit/5d43fdcd215203868d440ffc42036f5f5ffc89fc
Notes