CVE-2016-2568

Published: Feb 13, 2017Modified: May 13, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 1.1 / Impact: 6.0

Source: NVD

Description

pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

Affected (3)

Products: Freedesktop: Polkit · Redhat: Enterprise Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Freedesktop Polkit	All versions

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 6.0
Redhat Enterprise Linux	Version 7.0

Related CWEs

CWE-116

Improper Encoding or Escaping of Output

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

References (10)

http://www.openwall.com/lists/oss-security/2016/02/26/3

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://access.redhat.com/security/cve/cve-2016-2568

Source: cve@mitre.org

Third Party Advisory

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816062

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1300746

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://ubuntu.com/security/CVE-2016-2568

Source: cve@mitre.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2016/02/26/3