CVE-2016-2856

Published: 14/03/2016 Updated: 28/11/2016
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 8.4 | Impact Score: 5.9 | Exploitability Score: 2.5
VMScore: 725
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

pt_chown in the glibc package prior to 2.19-18+deb8u4 on Debian jessie; the eglibc package prior to 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and prior to 2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc package prior to 2.21-0ubuntu4.2 on Ubuntu 15.10 and prior to 2.23-0ubuntu1 on Ubuntu 16.04 LTS and 16.10 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.

Vulnerable Product

canonical ubuntu linux 12.04

canonical ubuntu linux 15.10

canonical ubuntu linux 14.04

debian debian linux 8.0

Vendor Advisories

Several security issues were fixed in the GNU C Library ...
USN-2985-1 introduced a regression in the GNU C Library ...

Exploits

Source: www.halfdog.net/Security/2015/PtChownArbitraryPtsAccessViaUserNamespace/

## Introduction

Problem description: With Ubuntu Wily and earlier, /usr/lib/pt_chown was used to change ownership of slave pts devices in /dev/pts to the same uid holding the master file descriptor for the slave. This is done using the pt_chown SUID binary, wh ...