Improper Input Validation in coreutils

Do your applications use this vulnerable package? Test your applications

Overview

chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

References

Debian Security Tracker
MLIST
OSS security Advisory
OSS security Advisory
Ubuntu CVE Tracker

Attack Vector

Local
Attack Complexity

Low
Privileges Required

Low
User Interaction

None
Scope

Changed
Confidentiality

None
Integrity

High
Availability

None

CVE: CVE-2016-2781
CWE: CWE-20
Snyk ID: SNYK-UBUNTU1804-COREUTILS-317469
Disclosed: 07 Feb, 2017
Published: 07 Feb, 2017

Improper Input Validation
Affecting coreutils package, versions *

Overview

References

CVSS Score

Improper Input Validation Affecting coreutils package, versions *

Overview

References

Improper Input Validation
Affecting coreutils package, versions *