Bug 636394 (CVE-2016-5759) - sys-kernel/dracut: Privilege escalation vulnerability (CVE-2016-5759)
Summary: sys-kernel/dracut: Privilege escalation vulnerability (CVE-2016-5759)
Status: RESOLVED INVALID
Alias: CVE-2016-5759
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal critical
Assignee: Gentoo Security
Whiteboard: A1 [ebuild cve]
Reported: 2017-11-03 15:41 UTC by GLSAMaker/CVETool Bot
Modified: 2017-11-03 16:00 UTC
Description GLSAMaker/CVETool Bot gentoo-dev 2017-11-03 15:41:08 UTC
CVE-2016-5759 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5759):
  The mkdumprd script called "dracut" in the current working directory "."
  allows local users to trick the administrator into executing code as root.
Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-11-03 15:41:52 UTC
@Maintainers, could you please confirm if we are affected by this CVE?

Thank you
Comment 2 Mike Gilbert gentoo-dev 2017-11-03 15:53:11 UTC
This is not a vulnerability in dracut.

The CVE is about a vulnerability in a script called mkdumprd in SUSE's kdump package. I don't think we have any equivalent script/package in Gentoo.
Comment 3 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-11-03 16:00:25 UTC
Thank you for the information.