CVE-2016-2568

Name of the Vulnerable Software and Affected Versions pkexec versions (affected versions not specified)

Description The issue allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. This is related to the use of pkexec with the --user nonpriv option. The vulnerability is also described as being related to an insufficient encoding or escaping mechanism in the Policykit platform, which could allow an attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.