Bug 636394 (CVE-2016-5759)

Summary: sys-kernel/dracut: Privilege escalation vulnerability (CVE-2016-5759)
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED INVALID
Severity: critical
CC: aidecoe, alexander, chutzpah, floppym
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: A1 [ebuild cve]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2017-11-03 15:41:08 UTC
CVE-2016-5759 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5759):
  The mkdumprd script called "dracut" in the current working directory "."
  allows local users to trick the administrator into executing code as root.

Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-11-03 15:41:52 UTC
@Maintainers could you please confirm if we are affected by this CVE?

Thank you

Comment 2 Mike Gilbert gentoo-dev 2017-11-03 15:53:11 UTC
This is not a vulnerability in dracut.

The CVE is about a vulnerability in a script called mkdumprd in SUSE's kdump package. I don't think we have any equivalent script/package in Gentoo.

Comment 3 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-11-03 16:00:25 UTC
Thank you for the information.