CVE-2019-12589

Published: Jun 3, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 2.0 / Impact: 6.0

Source: NVD

Description

In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified by an attacker.

Affected (1)

Products: Firejail Project: Firejail

Firejail Project

1 product

Firejail

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Firejail Project Firejail	Before 0.9.60

Related CWEs

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (10)

https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/netblue30/firejail/issues/2718

Source: cve@mitre.org

ExploitPatchThird Party Advisory

https://github.com/netblue30/firejail/releases/tag/0.9.60

Source: cve@mitre.org

Release NotesThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CDY7B73YDRBURA25APSHD5PFEO4TNSFW/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGVULJ6IKVDO6UAVIQRHQVSKOUD6QDWM/

Source: cve@mitre.org

https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134