Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 27 Feb 2016 08:44:25 -0500 (EST)
From: cve-assign@...re.org
To: up201407890@...nos.dcc.fc.up.pt
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request: util-linux runuser tty hijacking via TIOCSTI ioctl

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> When executing a program via "runuser -u nonpriv program" the
> nonpriv session can
> escape to the parent session by using the TIOCSTI ioctl to push
> characters into the
> terminal's input buffer

> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922

Use CVE-2016-2779.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJW0aedAAoJEL54rhJi8gl5pAoQAKWMwUdm+ZVBG7mMq8qqlCSQ
an4Xqnp7s8vlogDY3NDBvVYazYVtg5Ajh9fSrWtNJeRcRkfiOw856XYNyN3mXcvn
JXD2XMllsy+UsynMKzt4rlp6qlUCa26s4q60q6eDhoZRkRu/YjpitlnJwB6o2+yJ
J8rZ3gZgzBL9ydfn0e+dOTdHrrpkM6mnKl1i6XKiHAdCz9AXqEn+rWVpsp6tfg8p
Xnjr7VYQYBqELHzX4w7wuyMsc1zSSFd4X2dqT50ypNbRVh+UjZLR5bO4NNIILFB4
YJGuGIKKc6rkGgNrNa7CM7Ll0f2O+i1Bpb4Iv+39ACT5TRXuFGwh2O//ZRCeLVbl
edEhEnc60xcJAGnf47bA11thDvgxS11sc/tI++2bW3jYARRzybSS6Ym0hvGP/lGE
8VycZrUMMDKKTXWu7mXxqTnbIDh91y1jVpdfZ077Qf9maEzpTM89zXuMc2GTbylY
on8ZoRqxNto++aejWpILRvno9iA7jxXj68ex4Lb8IFNJeQNoKYaZRs/OxM62RmUV
GAK/HrGbhM/A2/6AvFbrYEdXIbEzbFJqbLuZ0p/+sQZzQuoD9p992Cm2+yjPkoC0
CJOzwgm9GSPYzvLmIOGWw/7n+H+a2HRGxKzscwc6GP2fmSfYdyfcCS76fcKlx30N
uTHZfWSO+IA9Kz9tUgc2
=L3QX
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.