CVE-2017-5226: Input Validation
First published: Mon Jan 09 2017(Updated: )
When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox. References: <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850702">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850702</a> Upstream bugs: <a href="https://github.com/projectatomic/bubblewrap/issues/142">https://github.com/projectatomic/bubblewrap/issues/142</a> <a href="https://github.com/projectatomic/bubblewrap/pull/143">https://github.com/projectatomic/bubblewrap/pull/143</a> Upstream patch: <a href="https://github.com/projectatomic/bubblewrap/commit/d7fc532c42f0e9bf427923bab85433282b3e5117">https://github.com/projectatomic/bubblewrap/commit/d7fc532c42f0e9bf427923bab85433282b3e5117</a>
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/bubblewrap | <0.1.5 | 0.1.5 |
| debian/bubblewrap | 0.4.1-3 0.8.0-2 0.9.0-1 | |
| Project Atomic Bubblewrap | <=0.1.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://security-tracker.debian.org/tracker/CVE-2017-5226
- https://github.com/projectatomic/bubblewrap/issues/142
- https://security-tracker.debian.org/tracker/CVE-2005-4890
- https://security-tracker.debian.org/tracker/CVE-2016-7545
- https://security-tracker.debian.org/tracker/CVE-2016-2781
- https://security-tracker.debian.org/tracker/CVE-2016-2779
- https://security-tracker.debian.org/tracker/CVE-2016-2568
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850702
- https://github.com/projectatomic/bubblewrap/pull/143
- https://github.com/projectatomic/bubblewrap/commit/d7fc532c42f0e9bf427923bab85433282b3e5117
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1411815
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1411814
- https://github.com/projectatomic/bubblewrap/pull/150
- https://bugzilla.redhat.com/show_bug.cgi?id=1411811
- http://www.openwall.com/lists/oss-security/2020/07/10/1
- http://www.openwall.com/lists/oss-security/2023/03/17/1
- http://www.securityfocus.com/bid/97260
- https://www.openwall.com/lists/oss-security/2023/03/14/2
Frequently Asked Questions
What is the severity of CVE-2017-5226?
CVE-2017-5226 is considered a high-severity vulnerability due to the risk of sandbox escape.
How does CVE-2017-5226 allow an attacker to escape the sandbox?
CVE-2017-5226 allows an attacker to escape the sandbox by using the TIOCSTI ioctl to push characters into the terminal's input buffer.
Which versions of bubblewrap are affected by CVE-2017-5226?
CVE-2017-5226 affects bubblewrap versions up to and including 0.1.5.
How do I fix CVE-2017-5226?
To fix CVE-2017-5226, upgrade bubblewrap to version 0.4.1-3 or later.
What types of systems are impacted by CVE-2017-5226?
CVE-2017-5226 impacts systems using bubblewrap versions prior to 0.4.1-3, particularly on Debian-based and Red Hat-based distributions.
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/weakness
- agent/remedy
- agent/last-modified-date
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-5226
- agent/software-canonical-lookup
- collector/debian-bugs
- source/Debian
- collector/security-tracker-debian
- agent/event
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- package-manager/debian
- vendor/projectatomic
- canonical/project atomic bubblewrap
- version/project atomic bubblewrap/0.1.5