Candidate: CVE-2016-2779
PublicDate: 2017-02-07 15:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779
 http://www.openwall.com/lists/oss-security/2016/02/27/1
 http://marc.info/?l=util-linux-ng&m=145694736107128&w=2
Description:
 runuser in util-linux allows local users to escape to the parent session
 via a crafted TIOCSTI ioctl call, which pushes characters to the
 terminal's input buffer.
Ubuntu-Description:
Notes:
 mdeslaur> 2.31 introduced a --pty option that can be used
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922
 https://bugzilla.redhat.com/show_bug.cgi?id=1312852
Priority: low
Discovered-by: Federico Bento
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_util-linux:
 upstream: https://github.com/karelzak/util-linux/commit/8e4925016875c6a4f2ab4f833ba66f0fc57396a2
upstream_util-linux: released (2.31)
precise_util-linux: not-affected (code not present)
precise/esm_util-linux: not-affected (code not present)
trusty_util-linux: not-affected (code not present)
trusty/esm_util-linux: not-affected (code not present)
vivid/stable-phone-overlay_util-linux: ignored (reached end-of-life)
vivid/ubuntu-core_util-linux: ignored (reached end-of-life)
wily_util-linux: ignored (reached end-of-life)
xenial_util-linux: ignored (end of standard support, was needed)
esm-infra/xenial_util-linux: needed
yakkety_util-linux: ignored (reached end-of-life)
zesty_util-linux: ignored (reached end-of-life)
artful_util-linux: ignored (reached end-of-life)
bionic_util-linux: not-affected (2.31.1-0.4ubuntu3.3)
cosmic_util-linux: not-affected (2.32-0.1ubuntu2)
disco_util-linux: not-affected (2.33.1-0.1ubuntu2)
eoan_util-linux: not-affected (2.33.1-0.1ubuntu2)
focal_util-linux: not-affected (2.33.1-0.1ubuntu2)
groovy_util-linux: not-affected (2.33.1-0.1ubuntu2)
hirsute_util-linux: not-affected (2.33.1-0.1ubuntu2)
impish_util-linux: not-affected (2.33.1-0.1ubuntu2)
jammy_util-linux: not-affected (2.33.1-0.1ubuntu2)
devel_util-linux: not-affected (2.33.1-0.1ubuntu2)