CVE-2016-2856

HIGH

Canonical Ubuntu Linux - Access Control

Title source: rule
STIX 2.1

Description

pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the elibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before 2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc package before 2.21-0ubuntu4.2 on Ubuntu 15.10 and before 2.23-0ubuntu1 on Ubuntu 16.04 LTS and 16.10 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.

Exploits (1)

exploitdb WORKING POC
by halfdog · textlocallinux
https://www.exploit-db.com/exploits/41760

References (9)

Core 9
Core References
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/03/07/2
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/84601
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2985-2
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/02/23/3
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2985-1

Scores

CVSS v3 8.4
EPSS 0.0068
EPSS Percentile 71.8%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-264
Status published
Products (4)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 15.10
debian/debian_linux 8.0
Published Mar 14, 2016
Tracked Since Feb 18, 2026