Red Hat Bugzilla – Bug 1300746
CVE-2016-2568 polkit: Program run via pkexec as unprivileged user can escape to parent session via TIOCSTI ioctl
Last modified: 2017-08-24 08:36:30 EDT
It was reported that when executing a program via "pkexec --user nonpriv program", the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing privilege escalation.
Original bug report (contains reproducer):
Created polkit tracking bugs for this issue:
Affects: fedora-all [bug 1300747]
I'd like to request a CVE for this issue, thanks.