CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2016-2568
https://notcve.org/view.php?id=CVE-2016-2568
pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. pkexec, cuando se utiliza con --user nonpriv, permite a usuarios locales escapar a la sesión principal a través de una llamada ioctl TIOCSTI manipulada, que empuja caracteres al búfer de entrada de la terminal. • http://www.openwall.com/lists/oss-security/2016/02/26/3 https://access.redhat.com/security/cve/cve-2016-2568 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816062 https://bugzilla.redhat.com/show_bug.cgi?id=1300746 https://ubuntu.com/security/CVE-2016-2568 • CWE-116: Improper Encoding or Escaping of Output •