CVE-2016-2856

Priority
Medium
Description
pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the
elibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before
2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc package before
2.21-0ubuntu4.2 on Ubuntu 15.10 and before 2.23-0ubuntu1 on Ubuntu 16.04
LTS and 16.10 lacks a namespace check associated with file-descriptor
passing, which allows local users to capture keystrokes and spoof data, and
possibly gain privileges, via pts read and write operations, related to
debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in
the upstream GNU C Library because the upstream documentation has a clear
security recommendation against the --enable-pt_chown option.
Ubuntu-Description
Martin Carpenter discovered that pt_chown in the GNU C Library
did not properly check permissions for tty files. A local attacker
could use this to gain administrative privileges or expose sensitive
information.
References
Package
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):released (2.15-0ubuntu10.14)
Ubuntu 14.04 LTS (Trusty Tahr):released (2.19-0ubuntu6.8)
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Source: glibc (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):not-affected (2.23-0ubuntu1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu Core 15.04:released (2.21-0ubuntu4.0.7)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (2.23-0ubuntu1)
Ubuntu 17.04 (Zesty Zapus):not-affected (2.23-0ubuntu1)
Patches:
Upstream:https://sourceware.org/git/?p=glibc.git;a=commit;h=77356912e83601fd0240d22fe4d960348b82b5c3
More Information

Updated: 2017-09-28 22:14:37 UTC (commit 13419)