CVE-2016-7097 - OpenCVE

The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

References

Link	Resource
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=073931017b49d9458aa351605b43a7e34598caef	Issue Tracking Patch
http://marc.info/?l=linux-fsdevel&m=147162313630259&w=2	Patch
http://rhn.redhat.com/errata/RHSA-2017-0817.html
http://www.openwall.com/lists/oss-security/2016/08/26/3	Mailing List
http://www.securityfocus.com/bid/92659
http://www.securitytracker.com/id/1038201
http://www.spinics.net/lists/linux-fsdevel/msg98328.html	Patch Third Party Advisory
http://www.ubuntu.com/usn/USN-3146-1
http://www.ubuntu.com/usn/USN-3146-2
http://www.ubuntu.com/usn/USN-3147-1
https://access.redhat.com/errata/RHSA-2017:1842
https://access.redhat.com/errata/RHSA-2017:2077
https://access.redhat.com/errata/RHSA-2017:2669
https://bugzilla.redhat.com/show_bug.cgi?id=1368938	Issue Tracking Third Party Advisory
https://github.com/torvalds/linux/commit/073931017b49d9458aa351605b43a7e34598caef	Patch Third Party Advisory
https://source.android.com/security/bulletin/2017-04-01
https://support.f5.com/csp/article/K31603170?utm_source=f5support&amp%3Butm_medium=RSS

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2016-10-16T21:00:00

Updated: 2019-10-09T19:07:27

Reserved: 2016-08-26T00:00:00

Link: CVE-2016-7097

JSON object: View

NVD Information

Status : Modified

Published: 2016-10-16T21:59:11.147

Modified: 2023-02-12T23:25:19.473

Link: CVE-2016-7097

JSON object: View

Redhat Information

No data.

CWE

CWE-285

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-05-26T00:00:00", "descriptions": [{"lang": "en", "value": "The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-09T19:07:27", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "USN-3146-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3146-2"}, {"name": "USN-3146-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3146-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://source.android.com/security/bulletin/2017-04-01"}, {"name": "92659", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/92659"}, {"name": "RHSA-2017:2669", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2669"}, {"name": "[linux-fsdevel] 20160526 [PATCH 2/2] posix_acl: Clear SGID bit when modifying file permissions", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.spinics.net/lists/linux-fsdevel/msg98328.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=073931017b49d9458aa351605b43a7e34598caef"}, {"name": "[oss-security] 20160826 Re: CVE request -- linux kernel: Setting a POSIX ACL via setxattr doesn't clear the setgid bit", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/08/26/3"}, {"name": "RHSA-2017:0817", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0817.html"}, {"name": "USN-3147-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3147-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1368938"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/073931017b49d9458aa351605b43a7e34598caef"}, {"name": "RHSA-2017:2077", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2077"}, {"name": "RHSA-2017:1842", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:1842"}, {"name": "[linux-fsdevel] 20160819 [PATCH v2] posix_acl: Clear SGID bit when setting file permissions", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=linux-fsdevel&m=147162313630259&w=2"}, {"name": "1038201", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038201"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K31603170?utm_source=f5support&amp%3Butm_medium=RSS"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-7097", "datePublished": "2016-10-16T21:00:00", "dateReserved": "2016-08-26T00:00:00", "dateUpdated": "2019-10-09T19:07:27", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F2B9219B-3507-4C0A-90B0-3A53254FDCD0", "versionEndIncluding": "4.8.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions."}, {"lang": "es", "value": "La implementaci\u00f3n del sistema de archivos en el kernel de Linux hasta la versi\u00f3n 4.8.2 preserva el bit setgid durante una llamada setxattr, lo que permite a usuarios locales obtener privilegios de grupo aprovechando la existencia de un programa setgid con restricciones en permisos de ejecuci\u00f3n."}], "id": "CVE-2016-7097", "lastModified": "2023-02-12T23:25:19.473", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-10-16T21:59:11.147", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=073931017b49d9458aa351605b43a7e34598caef"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://marc.info/?l=linux-fsdevel&m=147162313630259&w=2"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2017-0817.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2016/08/26/3"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/92659"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1038201"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.spinics.net/lists/linux-fsdevel/msg98328.html"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-3146-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-3146-2"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-3147-1"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2017:1842"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2017:2077"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2017:2669"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1368938"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/073931017b49d9458aa351605b43a7e34598caef"}, {"source": "secalert@redhat.com", "url": "https://source.android.com/security/bulletin/2017-04-01"}, {"source": "secalert@redhat.com", "url": "https://support.f5.com/csp/article/K31603170?utm_source=f5support&amp%3Butm_medium=RSS"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-285"}], "source": "nvd@nist.gov", "type": "Primary"}]}