Anfälligkeitssuche        Suche in 191973 CVE Beschreibungen
und 86218 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.704742
Kategorie:Debian Local Security Checks
Titel:Debian: Security Advisory for firejail (DSA-4742-1)
Zusammenfassung:The remote host is missing an update for the 'firejail'; package(s) announced via the DSA-4742-1 advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'firejail'
package(s) announced via the DSA-4742-1 advisory.

Vulnerability Insight:
Tim Starling discovered two vulnerabilities in firejail, a sandbox
program to restrict the running environment of untrusted applications.

CVE-2020-17367
It was reported that firejail does not respect the end-of-options
separator ('--'), allowing an attacker with control over the command
line options of the sandboxed application, to write data to a
specified file.

CVE-2020-17368
It was reported that firejail when redirecting output via --output
or --output-stderr, concatenates all command line arguments into a
single string that is passed to a shell. An attacker who has control
over the command line arguments of the sandboxed application could
take advantage of this flaw to run run arbitrary other commands.

Affected Software/OS:
'firejail' package(s) on Debian Linux.

Solution:
For the stable distribution (buster), these problems have been fixed in
version 0.9.58.2-2+deb10u1.

We recommend that you upgrade your firejail packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2020-17367
Common Vulnerability Exposure (CVE) ID: CVE-2020-17368
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

Dies ist nur einer von 86218 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.