PT-2016-7214 · Linux+5 · Linux Kernel+5

Andrej Nemec · Published 2016-10-16 · Updated 2023-02-12 · CVE-2016-7097

CVSS v3.1: 4.4 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Linux kernel versions through 4.8.2

Description

The issue concerns the filesystem implementation in the Linux kernel, which preserves the setgid bit during a setxattr call. This allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions.

Recommendations

For Linux kernel versions through 4.8.2, update to a version later than 4.8.2 to resolve the issue.

Fix

Weakness Enumeration

Improper Authorization

Related Identifiers

ALT-PU-2016-2218
ALT-PU-2017-1330
CESA-2017_0817
CESA-2017_1842
CVE-2016-7097
DLA-772-1
MGASA-2016-0372
OPENSUSE-SU-2016_3021-1
OPENSUSE-SU-2016_3058-1
RHSA-2017:0817
RHSA-2017:1842
RHSA-2017:2077
RHSA-2017:2669
RHSA-2017_0817
RHSA-2017_1842
RHSA-2017_2077
SUSE-SU-2016:2912-1
SUSE-SU-2016:2976-1
SUSE-SU-2016:3304-1
SUSE-SU-2017:0333-1
SUSE-SU-2017:0471-1
SUSE-SU-2017:0494-1
SUSE-SU-2017:1102-1
USN-3146-1
USN-3146-2
USN-3147-1
USN-3161-3
USN-3161-4
USN-3162-2
USN-3422-1
USN-3422-2

Affected Products

ALT Linux
CentOS
Linux Kernel
Red Hat
SUSE
Ubuntu