CVE-2016-2781

CVE-2016-2781

Name

CVE-2016-2781

Description

chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Mailing List	http://www.openwall.com/lists/oss-security/2016/02/28/2
Mailing List	http://www.openwall.com/lists/oss-security/2016/02/28/3
cve@mitre.org	https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

Type

URI

Mailing List

http://www.openwall.com/lists/oss-security/2016/02/28/2

Mailing List

http://www.openwall.com/lists/oss-security/2016/02/28/3

cve@mitre.org

https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:gnu:coreutils::::::::`	coreutils	== None	== None

CPE URI

Source package

Min version

Max version

cpe:2.3:a:gnu:coreutils:*:*:*:*:*:*:*:*

coreutils

== None

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
coreutils	edge-main	9.9-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
coreutils	edge-main	9.8-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
coreutils	edge-main	9.8-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
coreutils	edge-main	9.7-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
coreutils	edge-main	9.7-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
coreutils	edge-main	9.6-r2	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
coreutils	edge-main	9.6-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
coreutils	edge-main	9.6-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
coreutils	edge-main	9.5-r2	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
coreutils	edge-main	9.5-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
coreutils	edge-main	9.4-r2	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
coreutils	edge-main	8.30-r0	None	possibly vulnerable
coreutils	3.22-main	9.7-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
coreutils	3.22-main	9.4-r2	None	possibly vulnerable
coreutils	3.22-main	8.30-r0	None	possibly vulnerable
coreutils	3.21-main	9.5-r2	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
coreutils	3.21-main	9.5-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
coreutils	3.21-main	9.4-r2	None	possibly vulnerable
coreutils	3.21-main	8.30-r0	None	possibly vulnerable
coreutils	3.20-main	9.5-r2	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
coreutils	3.20-main	9.5-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
coreutils	3.20-main	9.4-r2	None	possibly vulnerable
coreutils	3.20-main	8.30-r0	None	possibly vulnerable
coreutils	3.19-main	9.4-r2	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
coreutils	3.19-main	8.30-r0	None	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

coreutils

edge-main

9.9-r0

Natanael Copa <ncopa@alpinelinux.org>

possibly vulnerable

coreutils

edge-main