CVE-2017-5226

When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox.

References

Affected packages

Git / github.com/containers/bubblewrap

Affected ranges

Type: GIT
Repo: https://github.com/containers/bubblewrap
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d7fc532c42f0e9bf427923bab85433282b3e5117

Type: GIT
Repo: https://github.com/projectatomic/bubblewrap
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Affected versions

0.*

0.1.2

v0.*

v0.1.0

v0.1.1

v0.1.3

v0.1.4

v0.1.5

Database specific

{
    "vanir_signatures": [
        {
            "id": "CVE-2017-5226-01325d7e",
            "signature_type": "Function",
            "target": {
                "file": "bubblewrap.c",
                "function": "main"
            },
            "source": "https://github.com/containers/bubblewrap/commit/d7fc532c42f0e9bf427923bab85433282b3e5117",
            "digest": {
                "function_hash": "287962065378072587237830509889308472400",
                "length": 8371.0
            },
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "id": "CVE-2017-5226-611760d8",
            "signature_type": "Line",
            "target": {
                "file": "bubblewrap.c"
            },
            "source": "https://github.com/containers/bubblewrap/commit/d7fc532c42f0e9bf427923bab85433282b3e5117",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "192894767759618667927446856224081485088",
                    "280413593697293249105206339416682856038",
                    "44362035466669055874973282698037160703"
                ]
            },
            "deprecated": false,
            "signature_version": "v1"
        }
    ]
}