CVE-2016-2779
published 2017-02-07CVE-2016-2779: runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input…
high7.8CVSS 3.0
AVLACLPRLUINSUCHIHAH
runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | util-linux | < util-linux 2.31.1-0.1 (bookworm) | util-linux 2.31.1-0.1 (bookworm) |
| kernel | util-linux | — | — |
| kernel | util-linux | >= 0 < 2.31.1-0.1 | 2.31.1-0.1 |
| kernel | util-linux | >= 0 < 2.31.1-0.1 | 2.31.1-0.1 |
| kernel | util-linux | >= 0 < 2.31.1-0.1 | 2.31.1-0.1 |
| kernel | util-linux | >= 0 < 2.31.1-0.1 | 2.31.1-0.1 |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH