Back to bug 1312863
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-02-29 12:10:40 UTC | Whiteboard | impact=moderate,public=20160228,reported=20160228,source=oss-security,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,rhel-5/util-linux=new,fedora-all/util-linux=new | impact=moderate,public=20160228,reported=20160228,source=oss-security,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,rhel-5/util-linux=new,fedora-all/util-linux=affected |
| Adam Mariš | 2016-02-29 12:10:58 UTC | Depends On | 1312864 | |
| Adam Mariš | 2016-02-29 12:12:32 UTC | Blocks | 1312867 | |
| Salvatore Bonaccorso | 2016-02-29 19:44:09 UTC | CC | carnil | |
| Adam Mariš | 2016-03-09 12:49:34 UTC | Whiteboard | impact=moderate,public=20160228,reported=20160228,source=oss-security,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,rhel-5/util-linux=new,fedora-all/util-linux=affected | impact=moderate,public=20160228,reported=20160228,source=oss-security,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,rhel-5/util-linux=new,rhel-6/util-linux-ng=new,rhel-7/util-linux=new,fedora-all/util-linux=affected |
| Cedric Buissart | 2016-04-04 09:29:17 UTC | CC | cbuissar | |
| Cedric Buissart | 2016-04-04 10:14:46 UTC | Whiteboard | impact=moderate,public=20160228,reported=20160228,source=oss-security,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,rhel-5/util-linux=new,rhel-6/util-linux-ng=new,rhel-7/util-linux=new,fedora-all/util-linux=affected | impact=moderate,public=20160228,reported=20160228,source=oss-security,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,rhel-5/util-linux=affected,rhel-6/util-linux-ng=new,rhel-7/util-linux=affected,fedora-all/util-linux=affected |
| Cedric Buissart | 2016-04-04 10:15:39 UTC | Whiteboard | impact=moderate,public=20160228,reported=20160228,source=oss-security,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,rhel-5/util-linux=affected,rhel-6/util-linux-ng=new,rhel-7/util-linux=affected,fedora-all/util-linux=affected | impact=moderate,public=20160228,reported=20160228,source=oss-security,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,rhel-5/util-linux=affected,rhel-6/util-linux-ng=notaffected,rhel-7/util-linux=affected,fedora-all/util-linux=affected |
| Cedric Buissart | 2016-04-04 10:16:24 UTC | Whiteboard | impact=moderate,public=20160228,reported=20160228,source=oss-security,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,rhel-5/util-linux=affected,rhel-6/util-linux-ng=notaffected,rhel-7/util-linux=affected,fedora-all/util-linux=affected | impact=moderate,public=20160228,reported=20160228,source=oss-security,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,rhel-5/util-linux=notaffected,rhel-6/util-linux-ng=notaffected,rhel-7/util-linux=affected,fedora-all/util-linux=affected |
| Cedric Buissart | 2016-04-04 10:30:18 UTC | Whiteboard | impact=moderate,public=20160228,reported=20160228,source=oss-security,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,rhel-5/util-linux=notaffected,rhel-6/util-linux-ng=notaffected,rhel-7/util-linux=affected,fedora-all/util-linux=affected | impact=moderate,public=20160228,reported=20160228,source=oss-security,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,rhel-5/util-linux=new,rhel-6/util-linux-ng=new,rhel-7/util-linux=new,fedora-all/util-linux=affected |
| Cedric Buissart | 2016-04-04 10:32:37 UTC | Whiteboard | impact=moderate,public=20160228,reported=20160228,source=oss-security,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,rhel-5/util-linux=new,rhel-6/util-linux-ng=new,rhel-7/util-linux=new,fedora-all/util-linux=affected | impact=moderate,public=20160228,reported=20160228,source=oss-security,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,rhel-5/util-linux=new,rhel-6/util-linux-ng=new,rhel-7/util-linux=affected,fedora-all/util-linux=affected |
| Adam Mariš | 2016-04-04 11:08:41 UTC | Summary | CVE-2016-2781 util-linux: Non-privileged session can escape to the parent session in chroot | CVE-2016-2781 core-utils: Non-privileged session can escape to the parent session in chroot |
| Adam Mariš | 2016-04-04 11:09:02 UTC | Summary | CVE-2016-2781 core-utils: Non-privileged session can escape to the parent session in chroot | CVE-2016-2781 coreutils: Non-privileged session can escape to the parent session in chroot |
| Adam Mariš | 2016-04-04 11:10:49 UTC | Whiteboard | impact=moderate,public=20160228,reported=20160228,source=oss-security,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,rhel-5/util-linux=new,rhel-6/util-linux-ng=new,rhel-7/util-linux=affected,fedora-all/util-linux=affected | impact=moderate,public=20160228,reported=20160228,source=oss-security,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,rhel-5/coreutils=new,rhel-6/coreutils=new,rhel-7/coreutils=new,fedora-all/coreutils=affected |
| Ondrej Vasik | 2016-04-04 12:48:39 UTC | CC | ovasik | |
| Cedric Buissart | 2016-04-04 14:02:51 UTC | Whiteboard | impact=moderate,public=20160228,reported=20160228,source=oss-security,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,rhel-5/coreutils=new,rhel-6/coreutils=new,rhel-7/coreutils=new,fedora-all/coreutils=affected | impact=moderate,public=20160228,reported=20160228,source=oss-security,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,rhel-5/coreutils=affected,rhel-6/coreutils=affected,rhel-7/coreutils=affected,fedora-all/coreutils=affected |
| Cedric Buissart | 2016-04-05 15:35:54 UTC | Comment 5 is private | 1 | 0 |
| Cedric Buissart | 2016-04-08 10:17:39 UTC | Whiteboard | impact=moderate,public=20160228,reported=20160228,source=oss-security,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,rhel-5/coreutils=affected,rhel-6/coreutils=affected,rhel-7/coreutils=affected,fedora-all/coreutils=affected | impact=moderate,public=20160228,reported=20160228,source=oss-security,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,rhel-5/coreutils=notaffected,rhel-6/coreutils=affected,rhel-7/coreutils=affected,fedora-all/coreutils=affected |
| Kamil Dudka | 2016-09-27 11:48:56 UTC | CC | kdudka | |
| Wade Mealing | 2016-09-28 03:21:46 UTC | CC | wmealing | |
| Slawomir Czarko | 2017-02-08 17:44:27 UTC | CC | slawomir | |
| Cedric Buissart | 2017-08-10 13:23:07 UTC | Whiteboard | impact=moderate,public=20160228,reported=20160228,source=oss-security,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,rhel-5/coreutils=notaffected,rhel-6/coreutils=affected,rhel-7/coreutils=affected,fedora-all/coreutils=affected | impact=moderate,public=20160228,reported=20160228,source=oss-security,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,rhel-5/coreutils=notaffected,rhel-6/coreutils=wontfix,rhel-7/coreutils=affected,fedora-all/coreutils=affected |
| Cedric Buissart | 2018-03-05 14:31:17 UTC | Status | NEW | CLOSED |
| Resolution | --- | WONTFIX | ||
| Doc Text | It was found that chroot was vulnerable to TIOCSTI ioctl attacks, allowing the executed program to push characters to its TTY's input buffer. While being executed as a non-privileged user, a specially crafted program could force its parent TTY to enter commands, interpreted by the shell when chroot exits. | |||
| Whiteboard | impact=moderate,public=20160228,reported=20160228,source=oss-security,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,rhel-5/coreutils=notaffected,rhel-6/coreutils=wontfix,rhel-7/coreutils=affected,fedora-all/coreutils=affected | impact=moderate,public=20160228,reported=20160228,source=oss-security,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,cvss3=8.6/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H,cwe=cwe-270,rhel-5/coreutils=notaffected,rhel-6/coreutils=wontfix,rhel-7/coreutils=wontfix,fedora-all/coreutils=affected | ||
| Last Closed | 2018-03-05 09:31:17 UTC | |||
| Eric Christensen | 2018-03-13 13:08:26 UTC | CC | sparks | |
| Eric Christensen | 2018-03-13 13:08:45 UTC | CC | sparks | |
| Andrej Nemec | 2018-05-09 15:36:21 UTC | Whiteboard | impact=moderate,public=20160228,reported=20160228,source=oss-security,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,cvss3=8.6/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H,cwe=cwe-270,rhel-5/coreutils=notaffected,rhel-6/coreutils=wontfix,rhel-7/coreutils=wontfix,fedora-all/coreutils=affected | impact=moderate,public=20160228,reported=20160228,source=oss-security,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,cvss3=8.6/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H,cwe=CWE-270,rhel-5/coreutils=notaffected,rhel-6/coreutils=wontfix,rhel-7/coreutils=wontfix,fedora-all/coreutils=affected |
| Product Security DevOps Team | 2019-09-29 13:45:06 UTC | Whiteboard | impact=moderate,public=20160228,reported=20160228,source=oss-security,cvss2=6.2/AV:L/AC:H/Au:N/C:C/I:C/A:C,cvss3=8.6/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H,cwe=CWE-270,rhel-5/coreutils=notaffected,rhel-6/coreutils=wontfix,rhel-7/coreutils=wontfix,fedora-all/coreutils=affected |
Back to bug 1312863