Date: Fri, 26 Feb 2016 02:05:45 -0500 (EST)
From: cve-assign@...re.org
To: up201407890@...nos.dcc.fc.up.pt
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request: pkexec tty hijacking via TIOCSTI ioctl

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> When executing a program via "pkexec --user nonpriv program" the
> nonpriv session can escape to the parent session by using the TIOCSTI
> ioctl to push characters into the terminal's input buffer

> https://bugzilla.redhat.com/show_bug.cgi?id=1300746

Use CVE-2016-2568.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
