CVE-2016-2568

CVE-2016-2568

Name

CVE-2016-2568

Description

pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Mailing List	http://www.openwall.com/lists/oss-security/2016/02/26/3
Third Party Advisory	https://access.redhat.com/security/cve/cve-2016-2568
Mailing List	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816062
Issue Tracking	https://bugzilla.redhat.com/show_bug.cgi?id=1300746
Third Party Advisory	https://ubuntu.com/security/CVE-2016-2568

Type

URI

Mailing List

http://www.openwall.com/lists/oss-security/2016/02/26/3

Third Party Advisory

https://access.redhat.com/security/cve/cve-2016-2568

Mailing List

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816062

Issue Tracking

https://bugzilla.redhat.com/show_bug.cgi?id=1300746

Third Party Advisory

https://ubuntu.com/security/CVE-2016-2568

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:freedesktop:polkit::::::::`	polkit	== None	== None

CPE URI

Source package

Min version

Max version

cpe:2.3:a:freedesktop:polkit:*:*:*:*:*:*:*:*

polkit

== None

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
polkit	edge-community	126-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
polkit	edge-community	126-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
polkit	edge-community	125-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
polkit	edge-community	124-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
polkit	edge-community	123-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
polkit	edge-community	122-r5	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
polkit	edge-community	122-r4	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
polkit	edge-community	122-r3	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
polkit	edge-community	122-r2	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
polkit	edge-community	122-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
polkit	edge-community	121-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
polkit	edge-community	0.120-r2	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
polkit	edge-community	0.119-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
polkit	3.22-community	126-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
polkit	3.22-community	125-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
polkit	3.22-community	0.120-r2	None	possibly vulnerable
polkit	3.22-community	0.119-r0	None	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

polkit

edge-community

126-r1

Natanael Copa <ncopa@alpinelinux.org>

possibly vulnerable

polkit

edge-community