12 Mar 2016
Vulnerability Details :
pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.
Publish Date : 2016-03-13 Last Update Date : 2016-03-13
- CVSS Scores & Vulnerability Types
- Products Affected By CVE-2016-2856
- References For CVE-2016-2856
- Metasploit Modules Related To CVE-2016-2856