CVE-2016-2781Improper Input Validation in Coreutils

CWE-20Improper Input ValidationCWE-270Privilege Context Switching Error8 documents7 sources
Severity
4.6MEDIUMNVD
EPSS
0.1%
top 77.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
GNU CoreutilsDebian CoreutilsMsrc Azl3 Coreutils 9.4-1 ON Azure Linux 3.0+7 more
Timeline
PublishedFeb 7
Latest updateMay 13

Description

chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 1.5 | Impact: 2.7

Affected Packages10 packages

debiandebian/coreutils< coreutils 9.4-1 (forky)
Debiangnu/coreutils< 9.4-1+1

🔴Vulnerability Details

2
GHSA
GHSA-vf3q-65gx-324p: chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes2022-05-13
OSV
CVE-2016-2781: chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes2017-02-07

📋Vendor Advisories

3
Microsoft
chroot in GNU coreutils when used with --userspec allows local users to escape to the parent session via a crafted TIOCSTI ioctl call which pushes characters to the terminal's input buffer.2017-02-21
Red Hat
coreutils: Non-privileged session can escape to the parent session in chroot2016-02-28
Debian
CVE-2016-2781: coreutils - chroot in GNU coreutils, when used with --userspec, allows local users to escape...2016

💬Community

2
Bugzilla
CVE-2016-2781 coreutils: Non-privileged session can escape to the parent session in chroot [fedora-all]2016-02-29
Bugzilla
CVE-2016-2781 coreutils: Non-privileged session can escape to the parent session in chroot2016-02-29