VIR Vulnerability Intelligence Relay

CVE-2016-10117

high
Published 2017-04-13 Β· Modified 2026-05-13
πŸ’¬ Discuss on Community ✚ Propose mitigation
CVSS v3
7.8
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v4 NEW
β€”
not yet in upstream
VIR risk
7.8

Description

Firejail does not restrict access to --tmpfs, which allows local users to gain privileges, as demonstrated by mounting over /etc.

Predictions

Exploit likelihood
75%
Patch ETA
β€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Debian Security Tracker Β· View original β†— Β· DFSG

CVE-2016-10117 NameCVE-2016-10117 DescriptionFirejail does not restrict access to --tmpfs, which allows local users to gain privileges, as demonstrated by mounting over /etc. SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) Vulnerable and fixed packages The table below lists…

CVE-2016-10117

NameCVE-2016-10117
DescriptionFirejail does not restrict access to --tmpfs, which allows local users to gain privileges, as demonstrated by mounting over /etc.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
firejail (PTS)bullseye (security), bullseye0.9.64.4-2+deb11u1fixed
bookworm0.9.72-2fixed
trixie0.9.74-1fixed
sid0.9.80-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
firejailsource(unstable)0.9.38-1

Notes

https://www.openwall.com/lists/oss-security/2017/01/05/4
https://github.com/netblue30/firejail/commit/678cd1495457318dad39178bb646ba1b96332ddb (0.9.38-rc1)

Home - Debian Security - Source (Git)

Apply commands

text fix
Notes
https://www.openwall.com/lists/oss-security/2017/01/05/4https://github.com/netblue30/firejail/commit/678cd1495457318dad39178bb646ba1b96332ddb (0.9.38-rc1)

OS impact
arch Arch Fixed 1 release
VersionStatusFixed in
β€” Fixed 0.9.44.10-1
debian Debian Fixed 5 releases
VersionStatusFixed in
trixie Fixed 0.9.38-1
sid Fixed 0.9.38-1
forky Fixed 0.9.38-1
bullseye Fixed 0.9.38-1
bookworm Fixed 0.9.38-1

Application impact
VendorProductVersionsFixed
firejail_projectfirejail-

References

CWEs

CWE-264

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.