CVE-2016-2779

Published: 7 February 2017

runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

Notes

Author	Note
mdeslaur	2.31 introduced a --pty option that can be used
eslerm	upstream revereted their patch backporting 2.31's optional --pty flag has high risk potential

Priority

Cvss 3 Severity Score

7.8

Score breakdown

Status

Package	Release	Status
util-linux Launchpad, Ubuntu, Debian	artful	Ignored (end of life)
	bionic	Not vulnerable (2.31.1-0.4ubuntu3.3)
	cosmic	Not vulnerable (2.32-0.1ubuntu2)
	disco	Not vulnerable (2.33.1-0.1ubuntu2)
	eoan	Not vulnerable (2.33.1-0.1ubuntu2)
	focal	Not vulnerable (2.33.1-0.1ubuntu2)
	precise	Not vulnerable (code not present)
	trusty	Not vulnerable (code not present)
	upstream	Released (2.31)
	impish	Not vulnerable (2.33.1-0.1ubuntu2)
	wily	Ignored (end of life)
	yakkety	Ignored (end of life)
	zesty	Ignored (end of life)
	groovy	Not vulnerable (2.33.1-0.1ubuntu2)
	jammy	Not vulnerable (2.33.1-0.1ubuntu2)
	hirsute	Not vulnerable (2.33.1-0.1ubuntu2)
	xenial	Ignored (no patch expected)
	Patches: upstream: https://github.com/karelzak/util-linux/commit/8e4925016875c6a4f2ab4f833ba66f0fc57396a2

Severity score breakdown

Parameter	Value
Base score	7.8
Attack vector	Local
Attack complexity	Low
Privileges required	Low
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›