Skip to main content

Firejail CVE-2019-12589

HIGH
Incorrect Permission Assignment for Critical Resource (CWE-732)
2019-06-03 cve@mitre.org
8.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 03, 2019 - 03:29 nvd
HIGH 8.8

DescriptionNVD

In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified by an attacker.

AnalysisAI

In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Incorrect Permission Assignment (CWE-732), which allows attackers to access resources due to misconfigured permissions. In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified by an attacker. Affected products include: Firejail Project Firejail. Version information: before 0.9.60.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Review and restrict file/resource permissions, apply principle of least privilege.

CVE-2017-5180 HIGH POC
8.8 Feb 09

Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt

CVE-2021-26910 HIGH POC
7.0 Feb 08

Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race conditio

CVE-2020-17368 CRITICAL
9.8 Aug 11

Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may

CVE-2017-5206 CRITICAL
9.0 Mar 23

Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers to bypass a secc

CVE-2016-9016 HIGH
8.8 Jan 19

Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl ca

CVE-2017-5940 HIGH
8.8 Feb 09

Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its

CVE-2019-12499 HIGH
8.1 May 31

Firejail before 0.9.60 allows truncation (resizing to length 0) of the firejail binary on the host by running exploit co

CVE-2016-10123 HIGH
7.8 Apr 13

Firejail allows --chroot when seccomp is not supported, which might allow local users to gain privileges. Rated high sev

CVE-2016-10122 HIGH
7.8 Apr 13

Firejail does not properly clean environment variables, which allows local users to gain privileges. Rated high severity

CVE-2016-10117 HIGH
7.8 Apr 13

Firejail does not restrict access to --tmpfs, which allows local users to gain privileges, as demonstrated by mounting o

CVE-2017-5207 HIGH
7.8 Mar 23

Firejail before 0.9.44.4, when running a bandwidth command, allows local users to gain root privileges via the --shell a

CVE-2016-10121 HIGH
7.8 Apr 13

Firejail uses weak permissions for /dev/shm/firejail and possibly other files, which allows local users to gain privileg

Share

CVE-2019-12589 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy