Bug 1174073 – VUL-0: CVE-2017-5226: bubblewrap: Nonprivileged session can escape to the parent session by using the TIOCSTI ioctl

Bug 1174073 - (CVE-2017-5226) VUL-0: CVE-2017-5226: bubblewrap: Nonprivileged session can escape to the parent session by using the TIOCSTI ioctl

(CVE-2017-5226)
Summary:	VUL-0: CVE-2017-5226: bubblewrap: Nonprivileged session can escape to the par...

Status:	RESOLVED INVALID

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P5 - None Severity: Major
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/178375/
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2020-07-13 10:01 UTC by Alexandros Toptsoglou
Modified:	2020-07-13 10:02 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexandros Toptsoglou 2020-07-13 10:01:40 UTC

CVE-2017-5226

When executing a program via the bubblewrap sandbox, the nonpriv
session can escape to the parent session by using the TIOCSTI ioctl to
push characters into the terminal's input buffer, allowing an attacker
to escape the sandbox.

References:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850702

Upstream bugs:

https://github.com/projectatomic/bubblewrap/issues/142
https://github.com/projectatomic/bubblewrap/pull/143

Upstream patch:

https://github.com/projectatomic/bubblewrap/commit/d7fc532c42f0e9bf427923bab85433282b3e5117

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1411811
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5226
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-5226.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5226
https://github.com/projectatomic/bubblewrap/commit/d7fc532c42f0e9bf427923bab85433282b3e5117
https://github.com/projectatomic/bubblewrap/issues/142
http://www.securityfocus.com/bid/97260

Comment 1 Alexandros Toptsoglou 2020-07-13 10:02:37 UTC

We ship not affected version of bubblewrap. Closing