CVE-2016-5759

CWE-20Improper Input Validation6 documents5 sources
Severity
7.8HIGH
EPSS
0.0%
top 91.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Novell Suse Linux Enterprise DesktopNovell Suse Linux Enterprise ServerOpensuse Leap
Timeline
PublishedSep 8
Latest updateMay 14

Description

The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDopensuse/leap42.1

🔴Vulnerability Details

2
GHSA
GHSA-wp6g-h882-vcw2: The mkdumprd script called "dracut" in the current working directory "2022-05-14
CVEList
CVE-2016-5759: The mkdumprd script called "dracut" in the current working directory "2017-09-08

📋Vendor Advisories

1
Red Hat
kexec-tools: mkdumprd script called "dracut" in the current working directory2016-07-22

💬Community

2
Bugzilla
CVE-2016-5759 kexec-tools: mkdumprd script called "dracut" in the current working directory2017-11-08
Bugzilla
CVE-2016-5759 kexec-tools: mkdumprd script called "dracut" in the current working directory [fedora-all]2017-11-08