Published: 07/02/2017 Updated: 07/11/2023

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 6.5 | Impact Score: 4 | Exploitability Score: 2

VMScore: 189

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu coreutils

Debian Bug report logs - #816320 coreutils: CVE-2016-2781: nonpriv session can escape to the parent session by using the TIOCSTI ioctl Package: src:coreutils; Maintainer for src:coreutils is Michael Stone <mstone@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 29 Feb 2016 19:48:01 UTC Se ...

Debian Bug report logs - #850702 CVE-2017-5226 -- bubblewrap escape Package: bubblewrap; Maintainer for bubblewrap is Utopia Maintenance Team <pkg-utopia-maintainers@listsaliothdebianorg>; Source for bubblewrap is src:bubblewrap (PTS, buildd, popcon) Reported by: up201407890@alunosdccfcuppt Date: Mon, 9 Jan 2017 13 ...

radix-image-scanner The radix-image-scanner gives radix-pipeline access to security scan the images produced during build The result of the scan is written to a k8s ConfigMap An aggregated vulnerability count per severity, written to a key defined by VULNERABILITY_COUNT_KEY as a key/value JSON document where key is severity in lowercase and value is number of vulnerabilities

Phonito Security Docker Vulnerability Scanner This action automates scanning Docker images for OS & library vulnerabilities You will need a Phonito Secuirty account which you can get for free at phonitoio Example output: Phonito Scan Complete! ============================================== 4 CVEs present image ============================================== �

Free Docker Vulnerability Scanning for CI/CD integration

Phonito Security Docker Vulnerability Scanner This action automates scanning Docker images for OS & library vulnerabilities You will need a Phonito Secuirty account which you can get for free at phonitoio Example output: Phonito Scan Complete! ============================================== 4 CVEs present image ============================================== �

vulnlist A tool for fetching, transforming, and storing vulnerability data from a variety of sources S

Tool for collecting vulnerability data from various sources (used to build the grype database)

vunnel A tool for fetching, transforming, and storing vulnerability data from a variety of sources Sup

CWE-20 http://www.openwall.com/lists/oss-security/2016/02/28/3 http://www.openwall.com/lists/oss-security/2016/02/28/2 https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816320 https://github.com/phonito/phonito-scanner-action

CVE-2016-2781

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect