Detections
Analytics
GLSA-201702-03 : Firejail: Privilege escalation
high Nessus Plugin ID 97092
Language:
Synopsis
The remote Gentoo host is missing one or more security-related patches.Description
The remote host is affected by the vulnerability described in GLSA-201702-03 (Firejail: Privilege escalation)The unaffected packages listed in GLSA 201612-48 had an incomplete fix as reported by Sebastian Krahmer of SuSE. This has been properly patched in the latest releases.
Impact :
An attacker could possibly bypass sandbox protection, cause a Denial of Service condition, or escalate privileges.
Workaround :
There is no known workaround at this time.
Solution
All Firejail users should upgrade to the latest version:# emerge --sync # emerge --ask --oneshot --verbose '>=sys-apps/firejail-0.9.44.8' All Firejail-lts users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=sys-apps/firejail-lts-0.9.38.10'
See Also
https://firejail.wordpress.com/download-2/release-notes/
Plugin Details
Severity: High
ID: 97092
File Name: gentoo_GLSA-201702-03.nasl
Version: 3.6
Type: local
Family: Gentoo Local Security Checks
Published: 2/10/2017
Updated: 1/1/2026
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.5
CVSS v2
Risk Factor: Medium
Base Score: 4.6
Temporal Score: 3.4
Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2017-5940
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 7.7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:gentoo:linux:firejail, p-cpe:/a:gentoo:linux:firejail-lts, cpe:/o:gentoo:linux
Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list
Exploit Ease: No known exploits are available
Patch Publication Date: 2/9/2017
Vulnerability Publication Date: 2/9/2017
Reference Information
CVE: CVE-2017-5940
GLSA: 201702-03