Headline
Gentoo Linux Security Advisory 202305-19
Gentoo Linux Security Advisory 202305-19 - A vulnerability has been discovered in Firejail which could result in local root privilege escalation.
Gentoo Linux Security Advisory GLSA 202305-19
https://security.gentoo.org/
Severity: Normal
Title: Firejail: Local Privilege Escalation
Date: May 03, 2023
Bugs: #850748
ID: 202305-19
Synopsis
A vulnerability has been discovered in Firejail which could result in
local root privilege escalation.
Background
A SUID program that reduces the risk of security breaches by restricting
the running environment of untrusted applications using Linux namespaces
and seccomp-bpf.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
Traceback (most recent call last):
File "/usr/local/lib/python3.9/site-packages/glsamaker/models/glsa.py", line 326, in generate_mail_table
return self._generate_mail_table()
File "/usr/local/lib/python3.9/site-packages/glsamaker/models/glsa.py", line 297, in _generate_mail_table
vuln.range_types_rev[vuln.pkg_range], vuln.version
KeyError: None
Description
Firejail does not sufficiently validate the user’s environment prior to
using it as the root user when using the --join command line option.
Impact
An unprivileged user can exploit this vulnerability to achieve local
root privileges.
Workaround
System administrators can mitigate this vulnerability via adding either
“force-nonewprivs yes” or “join no” to the Firejail configuration file
in /etc/firejail/firejail.config.
Resolution
Gentoo has discontinued support for sys-apps/firejail-lts. Users should
unmerge it in favor of sys-apps/firejail:
emerge --ask --depclean --verbose “sys-apps/firejail-lts”
emerge --ask --verbose “sys-apps/firejail”
All Firejail users should upgrade to the latest version:
emerge --ask --oneshot --verbose “>=sys-apps/firejail-0.9.70”
References
[ 1 ] CVE-2022-31214
https://nvd.nist.gov/vuln/detail/CVE-2022-31214
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202305-19
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
Copyright 2023 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Related news
A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user namespace, the NO_NEW_PRIVS prctl is not activated, and the entered mount namespace is under the attacker's control. In this way, the filesystem layout can be adjusted to gain root privileges through execution of available setuid-root binaries such as su or sudo.