Firejail
The target container environment has firejail installed with the SUID bit set.
Although PEAS flagged it as an unknown SUID binary, there have been a few occasions where an outdated firejail binary with the SUID bit set was used for privilege escalation.
```
www-data@icinga:~$ /usr/bin/firejail --version
firejail version 0.9.68rc1
compile time support:
- always force nonewprivs support is disabled
- AppArmor support is enabled
- AppImage support is enabled
- chroot support is enabled
- D-BUS proxy support is enabled
- file transfer support is enabled
- firetunnel support is enabled
- networking support is enabled
- output logging is enabled
- overlayfs support is disabled
- private-home support is enabled
- private-cache and tmpfs as user enabled
- SELinux support is disabled
- user namespace support is enabled
- X11 sandboxing support is enabled
```
Checking the version information reveals that the installed instance is firejail version 0.9.68rc1, which is vulnerable to CVE-2022-31214.
Moving on to the [[Cerberus_Privilege_Escalation_Container#[CVE-2022-31214](https //nvd.nist.gov/vuln/detail/CVE-2022-31214)|Privilege Escalation]] phase.
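The same check from the defender's side, as an added example that is not part of the original notes: it parses `firejail --version` output, orders release candidates before their final release, and reports a setuid-root binary older than a given fixed version. The function names are hypothetical, the sample text is an excerpt of the output above, and the fixed version is a placeholder to be filled in from the vendor advisory.

```python
import os
import re
import stat

# Constructed sample: an excerpt of the `firejail --version` output shown above.
SAMPLE = """firejail version 0.9.68rc1
compile time support:
\t- always force nonewprivs support is disabled
\t- AppArmor support is enabled
\t- private-cache and tmpfs as user enabled
"""

def parse_version_output(text):
    """Return (version, {feature: enabled}) parsed from `firejail --version`."""
    m = re.search(r"^firejail version (\S+)", text, re.M)
    if not m:
        raise ValueError("no 'firejail version' line found")
    pairs = re.findall(
        r"^[ \t]*-[ \t]*(.+?)[ \t]+(?:is[ \t]+)?(enabled|disabled)[ \t]*$", text, re.M)
    return m.group(1), {name: state == "enabled" for name, state in pairs}

def version_key(v):
    """Sort key in which a release candidate precedes its final release."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:rc(\d+))?", v)
    if not m:
        raise ValueError(f"unrecognised version string: {v!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    return nums, ((0, int(m.group(2))) if m.group(2) else (1, 0))

def assess(text, mode, uid, fixed_in):
    """List findings for one binary, given its st_mode, st_uid and the fixed version."""
    version, features = parse_version_output(text)
    findings = []
    if mode & stat.S_ISUID and uid == 0:
        findings.append("setuid-root")
        if version_key(version) < version_key(fixed_in):
            findings.append(f"version {version} predates fix {fixed_in}")
    # Treating this compile-time line as a hardening gap is this example's assumption.
    if features.get("always force nonewprivs support") is False:
        findings.append("always force nonewprivs support is disabled")
    return findings

if __name__ == "__main__":
    path = "/usr/bin/firejail"  # path taken from the page
    FIXED_IN = "0.0.0"          # PLACEHOLDER: take the fixed version from the advisory
    if os.path.exists(path):
        st = os.stat(path)
        out = os.popen(f"{path} --version").read()
        print(assess(out, st.st_mode, st.st_uid, FIXED_IN))
    else:
        print(assess(SAMPLE, 0o104755, 0, "0.9.68"))  # constructed demo values
```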