ID CVE-2019-12499
Summary Firejail before 0.9.60 allows truncation (resizing to length 0) of the firejail binary on the host by running exploit code inside a firejail sandbox and having the sandbox terminated. To succeed, certain conditions need to be fulfilled: The jail (with the exploit code inside) needs to be started as root, and it also needs to be terminated as root from the host (either by stopping it ungracefully (e.g., SIGKILL), or by using the --shutdown control command). This is similar to CVE-2019-5736.
Vulnerable Configurations
  • cpe:2.3:a:firejail_project:firejail:0.9:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.2:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.4:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.6:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.8:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.8.1:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.10:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.12:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.12.1:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.12.2:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.14:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.16:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.20:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.22:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.24:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.26:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.28:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.30:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.30:-:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.32:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.32:-:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.34:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.34:-:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.36:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.36:-:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.38:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.38:-:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.38.2:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.38.4:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.38.6:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.38.8:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.38.10:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.38.12:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.40:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.40:-:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.42:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.42:-:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.44:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.44:-:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.44.2:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.44.4:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.44.6:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.44.8:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.44.10:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.46:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.46:-:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.48:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.50:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.50:-:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.52:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.54:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.54:-:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.56:*:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.56:-:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.56:rc1:*:*:-:*:*:*
  • cpe:2.3:a:firejail_project:firejail:0.9.58.2:*:*:*:-:*:*:*
CVSS
Base: 9.3 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
fedora
  • FEDORA-2020-0fb484d7f7
  • FEDORA-2020-7f6e0e6e00
misc https://github.com/netblue30/firejail/issues/2401
Last major update 24-08-2020 - 17:37
Published 31-05-2019 - 12:29
Last modified 24-08-2020 - 17:37