Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-2568

Опубликовано: 19 янв. 2016
Источник: redhat
CVSS3: 6.1
CVSS2: 5.1
EPSS Низкий

Описание

pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

It was found that pkexec was vulnerable to TIOCSTI ioctl attacks, allowing the executed program to push characters to its TTY's input buffer. While being executed as a non-privileged user, a specially crafted program could force its parent TTY to enter commands, interpreted by the shell when pkexec exits.

Отчет

This issue affects the versions of polkit as shipped with Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. This vulnerability requires user interaction for successful exploitation, which is why this vulnerability has been marked as moderate by Red Hat. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6polkitWill not fix
Red Hat Enterprise Linux 7polkitWill not fix
Red Hat Enterprise Linux 9polkitAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-270
https://bugzilla.redhat.com/show_bug.cgi?id=1300746polkit: Program run via pkexec as unprivileged user can escape to parent session via TIOCSTI ioctl

EPSS

Процентиль: 34%
0.00131
Низкий

6.1 Medium

CVSS3

5.1 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-2568

CVSS3: 7.8
ubuntu
почти 9 лет назад

pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

nvd логотип

CVE-2016-2568

CVSS3: 7.8
nvd
почти 9 лет назад

pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

msrc логотип

CVE-2016-2568

CVSS3: 7.8
msrc
3 месяца назад

pkexec, when used with --user nonpriv, allows local users to escape to the parent session

debian логотип

CVE-2016-2568

CVSS3: 7.8
debian
почти 9 лет назад

pkexec, when used with --user nonpriv, allows local users to escape to ...

github логотип

GHSA-8vgc-x7hv-3g84

CVSS3: 7.8
github
больше 3 лет назад

pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

EPSS

Процентиль: 34%
0.00131
Низкий

6.1 Medium

CVSS3

5.1 Medium

CVSS2