oss-sec mailing list archives
Re: Re: CVE Request: util-linux runuser tty hijacking via TIOCSTI ioctl
From: "Alexander E. Patrakov" <patrakov () gmail com>
Date: Sun, 28 Feb 2016 17:14:09 +0500
27.02.2016 18:44, cve-assign () mitre org wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

When executing a program via "runuser -u nonpriv program" the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922

Use CVE-2016-2779.
One more case:

chroot --userspec=someuser:somegroup / /path/to/test

This also runs "id" at the end.

--
Alexander E. Patrakov
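An added example, not part of the original thread and not util-linux or coreutils code: the kernel accepts TIOCSTI from a process without CAP_SYS_ADMIN only on that process's controlling terminal, so a launcher that calls setsid() before dropping privileges leaves the child with no terminal to push input into. The helper name `run_in_new_session` and its `drop` flag are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* 1 if the calling process has a controlling terminal, else 0. */
static int has_controlling_tty(void) {
    int fd = open("/dev/tty", O_RDWR | O_NOCTTY);
    if (fd < 0) return 0;            /* ENXIO: no controlling tty */
    close(fd);
    return 1;
}

/* Hypothetical helper: run argv in a new session, optionally as uid/gid.
 * drop=0 skips the privilege drop (for running this demo without root).
 * argv == NULL makes the child exit with has_controlling_tty() as status. */
static int run_in_new_session(int drop, uid_t uid, gid_t gid, char *const argv[]) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* New session: inherited tty fds stay open, but the tty is no
         * longer this process's controlling terminal. */
        if (setsid() < 0) _exit(126);
        if (drop && (setgroups(0, NULL) || setgid(gid) || setuid(uid)))
            _exit(126);
        if (!argv) _exit(has_controlling_tty());
        execvp(argv[0], argv);
        _exit(127);
    }
    int status;
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    printf("parent has ctty: %d\n", has_controlling_tty());
    printf("child after setsid has ctty: %d\n",
           run_in_new_session(0, 0, 0, NULL));
    return 0;
}
```

A child started this way is outside the terminal's session, so terminal job-control signals such as Ctrl-C no longer reach it.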