CVE-2016-2779

Published: 07 February 2017

runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

Priority

Low

CVSS 3 base score: 7.8

Status

Package Release Status
util-linux
Launchpad, Ubuntu, Debian
Upstream
Released (2.31)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(2.33.1-0.1ubuntu2)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(2.33.1-0.1ubuntu2)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(2.31.1-0.4ubuntu3.3)
Ubuntu 16.04 ESM (Xenial Xerus) Needed

Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(code not present)
Patches:
Upstream: https://github.com/karelzak/util-linux/commit/8e4925016875c6a4f2ab4f833ba66f0fc57396a2