8.5
CWE: 269, 648

CVE-2020-5291: Privilege escalation in setuid mode via user namespaces in Bubblewrap

First published: Tue Mar 31 2020

Bubblewrap (bwrap) before version 0.4.1 is affected when it is installed in setuid mode and the kernel supports unprivileged user namespaces: in that configuration the `bwrap --userns2` option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root permissions.

Note that this only affects the combination of bubblewrap in setuid mode (which is typically used when unprivileged user namespaces are not supported) and the support of unprivileged user namespaces.

Known to be affected are:

  • Debian testing/unstable, if unprivileged user namespaces enabled (not default)
  • Debian buster-backports, if unprivileged user namespaces enabled (not default)
  • Arch if using `linux-hardened`, if unprivileged user namespaces enabled (not default)
  • CentOS 7 flatpak COPR, if unprivileged user namespaces enabled (not default)

This has been fixed in the 0.4.1 release, and all affected users should update.
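The three conditions above (version before 0.4.1, setuid install, unprivileged user namespaces enabled) can be checked on a host with the script below. It is an added example, not part of the advisory or of the Bubblewrap project; the function names are hypothetical, and it assumes `bwrap --version` prints `bubblewrap X.Y.Z` and that user namespaces are governed by the `kernel.unprivileged_userns_clone` and `user.max_user_namespaces` sysctls.

```shell
#!/bin/sh
# Added example: tests the advisory's three conditions on one host.

FIXED_VERSION="0.4.1"   # first fixed release, per the advisory

# version_lt A B: succeed when numeric dotted version A is older than B.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# userns_enabled [SYSCTL_ROOT]: fail only when a kernel knob reads 0
# (heuristic: a host exposing neither knob is reported as enabled).
userns_enabled() {
    root=${1:-/proc/sys}
    for knob in kernel/unprivileged_userns_clone user/max_user_namespaces; do
        [ -r "$root/$knob" ] || continue
        [ "$(cat "$root/$knob")" = "0" ] && return 1
    done
    return 0
}

# bwrap_exposed VERSION SETUID USERNS: all three conditions must hold.
bwrap_exposed() {
    version_lt "$1" "$FIXED_VERSION" && [ "$2" = yes ] && [ "$3" = yes ]
}

# check_host: gather the three facts from the running system and report.
check_host() {
    bin=$(command -v bwrap) || { echo "bwrap not installed"; return 0; }
    ver=$("$bin" --version | awk '{print $2}')
    suid=no; [ -u "$bin" ] && suid=yes
    ns=no; userns_enabled && ns=yes
    echo "bwrap=$ver setuid=$suid unprivileged_userns=$ns"
    if bwrap_exposed "$ver" "$suid" "$ns"; then
        echo "EXPOSED to CVE-2020-5291: update to $FIXED_VERSION or later"
    else
        echo "not in the affected combination"
    fi
}

check_host
```

A distribution package can carry the fix under an older version string, so confirm an EXPOSED result against the distribution's security tracker.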

Credit: security-advisories@github.com

Affected Software | Affected Version
Projectatomic Bubblewrap | <0.4.1
Debian Debian Linux | =10.0
Archlinux Arch Linux |
CentOS CentOS | =7.0


Frequently Asked Questions

  • What is CVE-2020-5291?

    CVE-2020-5291 is a vulnerability in the Bubblewrap (bwrap) software before version 0.4.1.

  • Is Bubblewrap affected by CVE-2020-5291?

    Yes, Bubblewrap before version 0.4.1 is affected by CVE-2020-5291.

  • What is the severity of CVE-2020-5291?

    CVE-2020-5291 has a severity rating of 7.8 (high).

  • How can CVE-2020-5291 be exploited?

    CVE-2020-5291 can be exploited by using the `bwrap --userns2` option, which allows a setuid process to keep running as root while being traceable, leading to potential root privilege escalation.

  • How can I fix CVE-2020-5291?

    To fix CVE-2020-5291, update Bubblewrap to version 0.4.1 or later.
