CVE-2016-2568 — Improper Encoding or Escaping of Output in Policykit-1
Severity
7.8 HIGH (NVD)
EPSS
0.1%
top 67.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Feb 13
Latest update: May 13
Description
pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitability: 1.1 | Impact: 6.0
Affected Packages: 4 packages
Also affects: Enterprise Linux 6.0, 7.0
Vulnerability Details (2)
GHSA
GHSA-8vgc-x7hv-3g84: pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to (2022-05-13)
OSV
CVE-2016-2568: pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to (2017-02-13)
Vendor Advisories (3)
Microsoft
pkexec, when used with --user nonpriv, allows local users to escape to the parent session (2017-02-21)
Red Hat
polkit: Program run via pkexec as unprivileged user can escape to parent session via TIOCSTI ioctl (2016-01-19)
Debian
CVE-2016-2568: policykit-1 - pkexec, when used with --user nonpriv, allows local users to escape to the paren... (2016)
Community (3)
Bugzilla
CVE-2016-2781 coreutils: Non-privileged session can escape to the parent session in chroot (2016-02-29)
Bugzilla
CVE-2016-2568 polkit: Program run via pkexec as unprivileged user can escape to parent session via TIOCSTI ioctl (2016-01-21)
Bugzilla
CVE-2016-2568 polkit: Program run via pkexec as unprivileged user can escape to parent session via TIOCSTI ioctl [fedora-all] (2016-01-21)