Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2016-2856
PUBLISHED
More InfoOfficial Page
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
View Known Exploited Vulnerability (KEV) details
Published At-14 Mar, 2016 | 01:00
Updated At-05 Aug, 2024 | 23:40
Rejected At-
▼CVE Numbering Authority (CNA)

pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the elibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before 2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc package before 2.21-0ubuntu4.2 on Ubuntu 15.10 and before 2.23-0ubuntu1 on Ubuntu 16.04 LTS and 16.10 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.halfdog.net/Security/2015/PtChownArbitraryPtsAccessViaUserNamespace/
x_refsource_MISC
http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=11475c083282c1582c4dd72eecfcb2b7d308c958
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2016/03/07/2
mailing-list
x_refsource_MLIST
http://www.securityfocus.com/bid/84601
vdb-entry
x_refsource_BID
http://www.ubuntu.com/usn/USN-2985-2
vendor-advisory
x_refsource_UBUNTU
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2856.html
x_refsource_CONFIRM
http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=09f7764882a81e13e7b5d87d715412283a6ce403
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2016/02/23/3
mailing-list
x_refsource_MLIST
http://www.ubuntu.com/usn/USN-2985-1
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.halfdog.net/Security/2015/PtChownArbitraryPtsAccessViaUserNamespace/
Resource:
x_refsource_MISC
Hyperlink: http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=11475c083282c1582c4dd72eecfcb2b7d308c958
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.openwall.com/lists/oss-security/2016/03/07/2
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.securityfocus.com/bid/84601
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.ubuntu.com/usn/USN-2985-2
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2856.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=09f7764882a81e13e7b5d87d715412283a6ce403
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.openwall.com/lists/oss-security/2016/02/23/3
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.ubuntu.com/usn/USN-2985-1
Resource:
vendor-advisory
x_refsource_UBUNTU
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.halfdog.net/Security/2015/PtChownArbitraryPtsAccessViaUserNamespace/
x_refsource_MISC
x_transferred
http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=11475c083282c1582c4dd72eecfcb2b7d308c958
x_refsource_CONFIRM
x_transferred
http://www.openwall.com/lists/oss-security/2016/03/07/2
mailing-list
x_refsource_MLIST
x_transferred
http://www.securityfocus.com/bid/84601
vdb-entry
x_refsource_BID
x_transferred
http://www.ubuntu.com/usn/USN-2985-2
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2856.html
x_refsource_CONFIRM
x_transferred
http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=09f7764882a81e13e7b5d87d715412283a6ce403
x_refsource_CONFIRM
x_transferred
http://www.openwall.com/lists/oss-security/2016/02/23/3
mailing-list
x_refsource_MLIST
x_transferred
http://www.ubuntu.com/usn/USN-2985-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.halfdog.net/Security/2015/PtChownArbitraryPtsAccessViaUserNamespace/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=11475c083282c1582c4dd72eecfcb2b7d308c958
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2016/03/07/2
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.securityfocus.com/bid/84601
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-2985-2
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2856.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=09f7764882a81e13e7b5d87d715412283a6ce403
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2016/02/23/3
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-2985-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Details not found