CVE-2016-2779

CWE-264 | CWE-270 | 10 documents | 7 sources
Severity
7.8 HIGH
EPSS
0.0%
top 87.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Feb 7
Latest update: May 14

Description

runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (2 packages)

Debian: util-linux < 2.31.1-0.1+3
NVD: kernel/util-linux 2.24.2-1

🔴 Vulnerability Details (3)

GHSA
GHSA-7q5h-997q-c4x2: runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's i (2022-05-14)
CVEList
CVE-2016-2779: runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's i (2017-02-07)
OSV
CVE-2016-2779: runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's i (2017-02-07)

📋 Vendor Advisories (2)

Red Hat
util-linux: runuser tty hijack via TIOCSTI ioctl (2016-02-26)
Debian
CVE-2016-2779: util-linux - runuser in util-linux allows local users to escape to the parent session via a c... (2016)

💬 Community (4)

Bugzilla
CVE-2016-8635 nss: small-subgroups attack flaw (2016-11-04)
Bugzilla
CVE-2016-5285 nss: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash (2016-10-12)
Bugzilla
CVE-2016-2779 util-linux: runuser tty hijack via TIOCSTI ioctl (2016-02-29)
Bugzilla
CVE-2016-2779 util-linux: runuser tty hijack via TIOCSTI ioctl [fedora-all] (2016-02-29)