High severity8.8NVD Advisory· Published Feb 9, 2017· Updated Jun 17, 2026
CVE-2017-5180
CVE-2017-5180
Description
Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:firejail_project:firejail:*:*:*:*:-:*:*:*+ 2 more
- cpe:2.3:a:firejail_project:firejail:*:*:*:*:-:*:*:*range: <0.9.44.4
- cpe:2.3:a:firejail_project:firejail:*:*:*:*:lts:*:*:*range: >=0.9.38,<0.9.38.8
- (no CPE)range: <0.9.44.4, <0.9.38.8 LTS
Patches
Vulnerability mechanics
References
4- openwall.com/lists/oss-security/2017/01/04/2nvdMailing ListThird Party Advisory
- www.securityfocus.com/bid/95298nvdThird Party AdvisoryVDB Entry
- firejail.wordpress.com/download-2/release-notes/nvdRelease NotesVendor Advisory
- security.gentoo.org/glsa/201701-62nvdThird Party Advisory
News mentions
0No linked articles in our index yet.