ALT-PU-2021-1485-1
Closed vulnerabilities
Published: 2021-02-08
BDU:2021-03745
Уязвимость компонента OverlayFS SUID песочницы Firejail, связанная с недостаточной проверкой состояния совместно используемого ресурса, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Severity: HIGH (7.0)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2021-02-08
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2021-26910
Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation.
Severity: HIGH (7.0)
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- [oss-security] 20210209 Re: [cve-pending] Firejail: root privilege escalation in OverlayFS code
- [oss-security] 20210209 Re: [cve-pending] Firejail: root privilege escalation in OverlayFS code
- https://github.com/netblue30/firejail/commit/97d8a03cad19501f017587cc4e47d8418273834b
- https://github.com/netblue30/firejail/commit/97d8a03cad19501f017587cc4e47d8418273834b
- https://github.com/netblue30/firejail/releases/tag/0.9.64.4
- https://github.com/netblue30/firejail/releases/tag/0.9.64.4
- [debian-lts-announce] 20210211 [SECURITY] [DLA 2554-1] firejail security update
- [debian-lts-announce] 20210211 [SECURITY] [DLA 2554-1] firejail security update
- GLSA-202105-19
- GLSA-202105-19
- https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-local-root/
- https://unparalleled.eu/blog/2021/20210208-rigged-race-against-firejail-for-local-root/
- https://unparalleled.eu/publications/2021/advisory-unpar-2021-0.txt
- https://unparalleled.eu/publications/2021/advisory-unpar-2021-0.txt
- DSA-4849
- DSA-4849