oss-sec mailing list archives
Re: CVE Request: util-linux runuser tty hijacking via TIOCSTI ioctl
From: cve-assign () mitre org
Date: Sat, 27 Feb 2016 08:44:25 -0500 (EST)
When executing a program via "runuser -u nonpriv program" the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922
Use CVE-2016-2779.

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]