Búsqueda de    
Vulnerabilidad   
    Buscar 191973 Descripciones CVE y
86218 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.704742
Categoría:Debian Local Security Checks
Título:Debian: Security Advisory for firejail (DSA-4742-1)
Resumen:The remote host is missing an update for the 'firejail'; package(s) announced via the DSA-4742-1 advisory.
Descripción:Summary:
The remote host is missing an update for the 'firejail'
package(s) announced via the DSA-4742-1 advisory.

Vulnerability Insight:
Tim Starling discovered two vulnerabilities in firejail, a sandbox
program to restrict the running environment of untrusted applications.

CVE-2020-17367
It was reported that firejail does not respect the end-of-options
separator ('--'), allowing an attacker with control over the command
line options of the sandboxed application, to write data to a
specified file.

CVE-2020-17368
It was reported that firejail when redirecting output via --output
or --output-stderr, concatenates all command line arguments into a
single string that is passed to a shell. An attacker who has control
over the command line arguments of the sandboxed application could
take advantage of this flaw to run run arbitrary other commands.

Affected Software/OS:
'firejail' package(s) on Debian Linux.

Solution:
For the stable distribution (buster), these problems have been fixed in
version 0.9.58.2-2+deb10u1.

We recommend that you upgrade your firejail packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2020-17367
Common Vulnerability Exposure (CVE) ID: CVE-2020-17368
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

Esta es sólo una de 86218 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2020 E-Soft Inc. Todos los derechos reservados.