oss-sec mailing list archives
Re: CVE-2016-7545 -- SELinux sandbox escape - Firejail is CVE-2016-9016
From: cve-assign () mitre org
Date: Tue, 25 Oct 2016 12:51:08 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On Sun, 2016-09-25 at 13:49 +0200, up201407890 () alunos dcc fc up pt wrote:When executing a program via the SELinux sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox.
it seems that firejail was affected by the same vulnerability, which was fixed in 0.9.44 with https://github.com/netblue30/firejail/commit/46dc2b34f1fbbc4597b4ff9f6a3cb28b2d500d1b The commit log reuses the CVE-2016-7545 number, but I guess a new one should be assigned since they don't share the same codebase?
The ID for the similar Firejail vulnerability is CVE-2016-9016. An additional reference is: https://firejail.wordpress.com/download-2/release-notes/ - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYD4z3AAoJEHb/MwWLVhi24ewQAIgsLJF0ToaKXKahu7nzwYxk R4AnRxXuzA0eLbvH+jqGQxE0NbIlf394O7IwGv6gDLpwAvN0KbgtyEMqrBZ270+L UOzydUS4i9Ntlp6e2k/1CLr7Jihphjo60qclGgJEzq187qALfmFyi7H56NWpjBLX 1JZs7vL3po8ehmEOweb+UdstVrene2UcvX9TZRNGP4GOO1XJ7/VrnvhDBxCNpONR 0M2F98Jb9XY/jx4Agur64xRrvE3GiuY4S5GC+JOTBcbCXc7l2o+rOXOOEbuOYkxP 5znGPpya92D6bjDe1LNZ+SntH73vEGJXUHRvqLrZAdRZ4YQCPAxvI87AHNh7e2o8 a5QayZCYd0QVvHX2fa2lzDOQ2MV8adWj/IU1C6TRNThEQQgZzMvvqtl0nOcdetYh blQo8n4WqdRRK3SeBB2z8lnzF3b5H79/PJCUSCI35gT39kw47GetwdtzrEODrl4E LxRsl8XsmamWA0qq8DhWg7YlGMSYgx7on8gTyh73lN87cSziq26OnZEuAK1uQbcI Ag0OllszMHJMIBY7CxgxAfNcEc91LPwmcNXSSybxJ0QJcFzSnKgWgQqvYLYOcfH7 olobW7zvnXr9rpYODd9P+EzXBWbvRKzp8tMUljb20jC8DZ49slCwkW+TzfloG6Q3 kvg8DcdSvh+XK8FzieDu =I0E8 -----END PGP SIGNATURE-----
Current thread:
- Re: CVE-2016-7545 -- SELinux sandbox escape Yves-Alexis Perez (Oct 25)
- Re: CVE-2016-7545 -- SELinux sandbox escape netblue30 (Oct 25)
- Re: CVE-2016-7545 -- SELinux sandbox escape - Firejail is CVE-2016-9016 cve-assign (Oct 25)
- Re: CVE-2016-7545 -- SELinux sandbox escape - Firejail is CVE-2016-9016 Yves-Alexis Perez (Oct 25)
- Re: CVE-2016-7545 -- SELinux sandbox escape up201407890 (Oct 25)