Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Sun, 28 Feb 2016 09:44:34 -0500 (EST)
From: cve-assign@...re.org
To: patrakov@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request: util-linux runuser tty hijacking via TIOCSTI ioctl -- chroot

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> When executing a program via "chroot --userspec=someuser:somegroup / /path/to/test" the
> nonpriv session can
> escape to the parent session by using the TIOCSTI ioctl to push
> characters into the
> terminal's input buffer

Use CVE-2016-2781.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJW0wd3AAoJEL54rhJi8gl5cBYP/1WlCfCDNUNstoYutxRFNeWv
wifaesCbmqteWa0W1z50I+VMZW4mZ4LSIk3s2t0981iuQzWuzGY1CHFO1O9YCG4z
yBBtMBSLEp5Erdlga/e0gCStvH/TW7cXKNbWEd/nrQPYzmBKd+ZoVODHzH/01rSj
7wMbk48GAe1Kp2JM6FTh738gRfP7dsM+uuEbN5QO6k54dNM0K5zPEd0CJuwomGJO
ilOsuMoPjBIDhZ/3n6E+g3qIk/1ztJhoVi9E6Xm7+41+PqPSL4HMl1mLjLp/iG55
zORhghkOUGsHxqho8SBM/uKT/n4O4+6Ep/kr55gzInTi17FfAlzhmbLz4Nv9TAT3
XsN933yToX78F1gWgw4Xy/go7iK920rCfGHeP0GTGWLm9Zm3yqS4raQcl+qwJ4kE
P8fYjvyF7t3meeipCqwzgW+hSCX4z6QVuiIv+E752sB5r6D+VRKApvf8+qI6Okly
6v4+Gq6OCACPN1TulMWZ+0TzI1baiOZ70KJM9FjGSCjA9q21xUhpVcLRJvJk6NwM
ie0AC/SH8AVedX+ld0zVlSn5WCOM1+mFH7SV268pcpUgKwgkfNUMicdRR6UvBM8U
8F5wM6lQiKfyixoRCaWDD5ERdQRxqErPJB1o721tg0865LN2LZaieXWsKAE5R/v6
mxir1GW4UEKpLSCT1jd8
=ckDP
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.