Firejail: Privilege escalation — GLSA 202105-19

A vulnerability was discovered in Firejail which may allow local attackers to gain root privileges.

Affected packages

sys-apps/firejail on all architectures
Affected versions < 0.9.64.4
Unaffected versions >= 0.9.64.4

Background

Firejail is a SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf.

Description

It was discovered that a flaw in Firejail’s OverlayFS code allowed restricted programs to escape the sandbox.

Impact

A local attacker could obtain arbitrary file system access via an application running within a Firejail sandbox, possibly resulting in privilege escalation.

Workaround

There is no known workaround at this time.

Resolution

All Firejail users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-apps/firejail-0.9.64.4"
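
To confirm whether a host is still in the affected range, the added example below (not part of the advisory or of Firejail) classifies a version string against the fixed version 0.9.64.4, comparing fields as integers so that 0.9.9 is not mistaken for newer than 0.9.64. The function names are hypothetical, the `firejail version X.Y.Z` first-line format of `firejail --version` is an assumption, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: classify a Firejail version against GLSA 202105-19.
FIXED_VERSION="0.9.64.4"   # first unaffected version, per the advisory

# version_lt A B: succeed if dotted numeric version A sorts before B.
# Fields are compared as integers; a missing field counts as 0.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*} fb=${b%%.*}
        # Drop the field just read; nothing is left when no dot remains.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "${fa:-0}" -lt "${fb:-0}" ] && return 0
        [ "${fa:-0}" -gt "${fb:-0}" ] && return 1
    done
    return 1   # equal versions are not "less than"
}

# parse_version: read `firejail --version` output on stdin and print the
# version number. Assumes the first line reads "firejail version X.Y.Z".
parse_version() {
    sed -n '1s/^firejail version \([0-9][0-9.]*\).*/\1/p'
}

# glsa_status VERSION: print affected, unaffected or unknown.
glsa_status() {
    case $1 in
        ''|*[!0-9.]*) echo unknown; return 0 ;;
    esac
    if version_lt "$1" "$FIXED_VERSION"; then
        echo affected
    else
        echo unaffected
    fi
}

# Constructed sample outputs (not captured from a real host).
for sample in "firejail version 0.9.64.2" "firejail version 0.9.64.4" \
              "firejail version 0.9.66" "command not found"; do
    v=$(printf '%s\n' "$sample" | parse_version)
    printf '%-28s -> %s\n' "$sample" "$(glsa_status "$v")"
done
```

On a live system, `glsa_status "$(firejail --version | parse_version)"` applies the same check to the installed binary.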
 

References

Release date
May 26, 2021

Latest revision
May 26, 2021: 1

Severity
high

Exploitable
local

Bugzilla entries