cvelistv5 - CVE-2016-5759

CVE-2016-5759 (GCVE-0-2016-5759)

Vulnerability from cvelistv5

Published

2017-09-08 18:00

Modified

2024-08-06 01:15

Severity ?

CWE

Summary

The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root.

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

cnvd-2017-33280

Vulnerability from cnvd

Title

Novell SUSE Linux Enterprise Server和Linux Enterprise Desktop任意代码执行漏洞

Description

Novell SuSE Linux Enterprise Server是美国Novell公司的一套企业服务器版Linux操作系统。Linux Enterprise Desktop是一套桌面版Linux系统。 Novell SUSE Linux Enterprise Server 12-SP1版本和Linux Enterprise Desktop 12-SP1版本中存在安全漏洞。攻击者可利用该漏洞以root权限执行代码。

Severity

中

Patch Name

Novell SUSE Linux Enterprise Server和Linux Enterprise Desktop任意代码执行漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://dracut.wiki.kernel.org/index.php/Main_Page

Reference

http://lists.opensuse.org/opensuse-updates/2016-10/msg00083.html

Impacted products

Name
['Novell SUSE Linux Enterprise Server 12-SP1', 'Novell SUSE Linux Enterprise Desktop 12-SP1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-5759"
    }
  },
  "description": "Novell SuSE Linux Enterprise Server\u662f\u7f8e\u56fdNovell\u516c\u53f8\u7684\u4e00\u5957\u4f01\u4e1a\u670d\u52a1\u5668\u7248Linux\u64cd\u4f5c\u7cfb\u7edf\u3002Linux Enterprise Desktop\u662f\u4e00\u5957\u684c\u9762\u7248Linux\u7cfb\u7edf\u3002\r\n\r\nNovell SUSE Linux Enterprise Server 12-SP1\u7248\u672c\u548cLinux Enterprise Desktop 12-SP1\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5root\u6743\u9650\u6267\u884c\u4ee3\u7801\u3002",
  "discovererName": "unknow",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://dracut.wiki.kernel.org/index.php/Main_Page",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-33280",
  "openTime": "2017-11-09",
  "patchDescription": "Novell SuSE Linux Enterprise Server\u662f\u7f8e\u56fdNovell\u516c\u53f8\u7684\u4e00\u5957\u4f01\u4e1a\u670d\u52a1\u5668\u7248Linux\u64cd\u4f5c\u7cfb\u7edf\u3002Linux Enterprise Desktop\u662f\u4e00\u5957\u684c\u9762\u7248Linux\u7cfb\u7edf\u3002\r\n\r\nNovell SUSE Linux Enterprise Server 12-SP1\u7248\u672c\u548cLinux Enterprise Desktop 12-SP1\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5root\u6743\u9650\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Novell SUSE Linux Enterprise Server\u548cLinux Enterprise Desktop\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Novell SUSE Linux Enterprise Server  12-SP1",
      "Novell SUSE Linux Enterprise Desktop 12-SP1"
    ]
  },
  "referenceLink": "http://lists.opensuse.org/opensuse-updates/2016-10/msg00083.html",
  "serverity": "\u4e2d",
  "submitTime": "2017-09-13",
  "title": "Novell SUSE Linux Enterprise Server\u548cLinux Enterprise Desktop\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

ghsa-wp6g-h882-vcw2

Vulnerability from github

Published

2022-05-14 02:12

Modified

2022-05-14 02:12

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-5759"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-09-08T18:29:00Z",
    "severity": "HIGH"
  },
  "details": "The mkdumprd script called \"dracut\" in the current working directory \".\" allows local users to trick the administrator into executing code as root.",
  "id": "GHSA-wp6g-h882-vcw2",
  "modified": "2022-05-14T02:12:20Z",
  "published": "2022-05-14T02:12:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5759"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-10/msg00083.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.suse.com/pipermail/sle-security-updates/2016-October/002337.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2016-5759

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root.

Aliases

CVE-2016-5759

Aliases

CVE-2016-5759

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-5759",
    "description": "The mkdumprd script called \"dracut\" in the current working directory \".\" allows local users to trick the administrator into executing code as root.",
    "id": "GSD-2016-5759",
    "references": [
      "https://www.suse.com/security/cve/CVE-2016-5759.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-5759"
      ],
      "details": "The mkdumprd script called \"dracut\" in the current working directory \".\" allows local users to trick the administrator into executing code as root.",
      "id": "GSD-2016-5759",
      "modified": "2023-12-13T01:21:25.232278Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@microfocus.com",
        "ID": "CVE-2016-5759",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The mkdumprd script called \"dracut\" in the current working directory \".\" allows local users to trick the administrator into executing code as root."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "[sle-security-updates] 20161017 SUSE-SU-2016:2553-1: moderate: Security update for kdump",
            "refsource": "MLIST",
            "url": "http://lists.suse.com/pipermail/sle-security-updates/2016-October/002337.html"
          },
          {
            "name": "openSUSE-SU-2016:2605",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-updates/2016-10/msg00083.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@suse.com",
          "ID": "CVE-2016-5759"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The mkdumprd script called \"dracut\" in the current working directory \".\" allows local users to trick the administrator into executing code as root."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[sle-security-updates] 20161017 SUSE-SU-2016:2553-1: moderate: Security update for kdump",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "http://lists.suse.com/pipermail/sle-security-updates/2016-October/002337.html"
            },
            {
              "name": "openSUSE-SU-2016:2605",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-10/msg00083.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2018-10-30T16:27Z",
      "publishedDate": "2017-09-08T18:29Z"
    }
  }
}

fkie_cve-2016-5759

Vulnerability from fkie_nvd

Published

2017-09-08 18:29

Modified

2025-04-20 01:37

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root.

References

	URL	Tags
	security@opentext.com	http://lists.opensuse.org/opensuse-updates/2016-10/msg00083.html
	security@opentext.com	http://lists.suse.com/pipermail/sle-security-updates/2016-October/002337.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2016-10/msg00083.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.suse.com/pipermail/sle-security-updates/2016-October/002337.html

Impacted products

Vendor	Product	Version
novell	suse_linux_enterprise_desktop	12.0
novell	suse_linux_enterprise_server	12.0
opensuse	leap	42.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "6359EF76-9371-4418-8694-B604CF02CF63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "81D94366-47D6-445A-A811-39327B150FCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The mkdumprd script called \"dracut\" in the current working directory \".\" allows local users to trick the administrator into executing code as root."
    },
    {
      "lang": "es",
      "value": "El script mkdumprd llamado \"dracut\" en el directorio actual \".\" permite a los usuarios locales enga\u00f1ar al administrador para que ejecute c\u00f3digo como root."
    }
  ],
  "id": "CVE-2016-5759",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-09-08T18:29:00.267",
  "references": [
    {
      "source": "security@opentext.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-10/msg00083.html"
    },
    {
      "source": "security@opentext.com",
      "url": "http://lists.suse.com/pipermail/sle-security-updates/2016-October/002337.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-10/msg00083.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.suse.com/pipermail/sle-security-updates/2016-October/002337.html"
    }
  ],
  "sourceIdentifier": "security@opentext.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

suse-su-2016:2553-1

Vulnerability from csaf_suse

Published

2016-10-17 13:09

Modified

2016-10-17 13:09

Summary

Security update for kdump

Notes

Title of the patch

Security update for kdump

Description of the patch

This update for kdump provides several fixes and enhancements: - Refresh kdumprd if /etc/hosts or /etc/nsswitch.conf is changed. (bsc#943214) - Add a separate systemd service to rebuild kdumprd at boot. (bsc#943214) - Improve network setup in the kdump environment by reading configuration from wicked by default (system configuration files are used as a fallback). (bsc#980328) - Use the last mount entry in kdump_get_mountpoints(). (bsc#951844) - Remove 'notsc' from the kdump kernel command line. (bsc#973213) - Handle dump files with many program headers. (bsc#932339, bsc#970708) - Fall back to stat() if file type is DT_UNKNOWN. (bsc#964206) - Remove vm. sysctls from kdump initrd. (bsc#927451, bsc#987862) - Use the exit code of kexec, not that of 'local'. (bsc#984799) - Convert sysroot to a bind mount in kdump initrd. (bsc#976864) - Distinguish between Xenlinux (aka Xenified or SUSE) and pvops Xen kernels, as the latter can run on bare metal. (bsc#974270) - CVE-2016-5759: Use full path to dracut as argument to bash. (bsc#989972, bsc#990200)

Patchnames

SUSE-SLE-DESKTOP-12-SP1-2016-1492,SUSE-SLE-SERVER-12-SP1-2016-1492

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for kdump",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThis update for kdump provides several fixes and enhancements:\n\n- Refresh kdumprd if /etc/hosts or /etc/nsswitch.conf is changed. (bsc#943214)\n- Add a separate systemd service to rebuild kdumprd at boot. (bsc#943214)\n- Improve network setup in the kdump environment by reading configuration from wicked\n  by default (system configuration files are used as a fallback). (bsc#980328)\n- Use the last mount entry in kdump_get_mountpoints(). (bsc#951844)\n- Remove \u0027notsc\u0027 from the kdump kernel command line. (bsc#973213)\n- Handle dump files with many program headers. (bsc#932339, bsc#970708)\n- Fall back to stat() if file type is DT_UNKNOWN. (bsc#964206)\n- Remove vm. sysctls from kdump initrd. (bsc#927451, bsc#987862)\n- Use the exit code of kexec, not that of \u0027local\u0027. (bsc#984799)\n- Convert sysroot to a bind mount in kdump initrd. (bsc#976864)\n- Distinguish between Xenlinux (aka Xenified or SUSE) and pvops Xen kernels, as the\n  latter can run on bare metal. (bsc#974270)\n- CVE-2016-5759: Use full path to dracut as argument to bash. (bsc#989972, bsc#990200)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-DESKTOP-12-SP1-2016-1492,SUSE-SLE-SERVER-12-SP1-2016-1492",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_2553-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2016:2553-1",
        "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162553-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2016:2553-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2016-October/002337.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 927451",
        "url": "https://bugzilla.suse.com/927451"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 932339",
        "url": "https://bugzilla.suse.com/932339"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 943214",
        "url": "https://bugzilla.suse.com/943214"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 951844",
        "url": "https://bugzilla.suse.com/951844"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 964206",
        "url": "https://bugzilla.suse.com/964206"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 970708",
        "url": "https://bugzilla.suse.com/970708"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 973213",
        "url": "https://bugzilla.suse.com/973213"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 974270",
        "url": "https://bugzilla.suse.com/974270"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 976864",
        "url": "https://bugzilla.suse.com/976864"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 980328",
        "url": "https://bugzilla.suse.com/980328"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 984799",
        "url": "https://bugzilla.suse.com/984799"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 987862",
        "url": "https://bugzilla.suse.com/987862"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 989972",
        "url": "https://bugzilla.suse.com/989972"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 990200",
        "url": "https://bugzilla.suse.com/990200"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-5759 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-5759/"
      }
    ],
    "title": "Security update for kdump",
    "tracking": {
      "current_release_date": "2016-10-17T13:09:55Z",
      "generator": {
        "date": "2016-10-17T13:09:55Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2016:2553-1",
      "initial_release_date": "2016-10-17T13:09:55Z",
      "revision_history": [
        {
          "date": "2016-10-17T13:09:55Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kdump-0.8.15-29.1.ppc64le",
                "product": {
                  "name": "kdump-0.8.15-29.1.ppc64le",
                  "product_id": "kdump-0.8.15-29.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kdump-0.8.15-29.1.s390x",
                "product": {
                  "name": "kdump-0.8.15-29.1.s390x",
                  "product_id": "kdump-0.8.15-29.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kdump-0.8.15-29.1.x86_64",
                "product": {
                  "name": "kdump-0.8.15-29.1.x86_64",
                  "product_id": "kdump-0.8.15-29.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Desktop 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Desktop 12 SP1",
                  "product_id": "SUSE Linux Enterprise Desktop 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sled:12:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP1",
                  "product_id": "SUSE Linux Enterprise Server 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kdump-0.8.15-29.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP1:kdump-0.8.15-29.1.x86_64"
        },
        "product_reference": "kdump-0.8.15-29.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kdump-0.8.15-29.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:kdump-0.8.15-29.1.ppc64le"
        },
        "product_reference": "kdump-0.8.15-29.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kdump-0.8.15-29.1.s390x as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:kdump-0.8.15-29.1.s390x"
        },
        "product_reference": "kdump-0.8.15-29.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kdump-0.8.15-29.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:kdump-0.8.15-29.1.x86_64"
        },
        "product_reference": "kdump-0.8.15-29.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kdump-0.8.15-29.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kdump-0.8.15-29.1.ppc64le"
        },
        "product_reference": "kdump-0.8.15-29.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kdump-0.8.15-29.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kdump-0.8.15-29.1.s390x"
        },
        "product_reference": "kdump-0.8.15-29.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kdump-0.8.15-29.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kdump-0.8.15-29.1.x86_64"
        },
        "product_reference": "kdump-0.8.15-29.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-5759",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-5759"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The mkdumprd script called \"dracut\" in the current working directory \".\" allows local users to trick the administrator into executing code as root.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP1:kdump-0.8.15-29.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1:kdump-0.8.15-29.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP1:kdump-0.8.15-29.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1:kdump-0.8.15-29.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kdump-0.8.15-29.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kdump-0.8.15-29.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kdump-0.8.15-29.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-5759",
          "url": "https://www.suse.com/security/cve/CVE-2016-5759"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 990200 for CVE-2016-5759",
          "url": "https://bugzilla.suse.com/990200"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP1:kdump-0.8.15-29.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:kdump-0.8.15-29.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1:kdump-0.8.15-29.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:kdump-0.8.15-29.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kdump-0.8.15-29.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kdump-0.8.15-29.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kdump-0.8.15-29.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP1:kdump-0.8.15-29.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:kdump-0.8.15-29.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1:kdump-0.8.15-29.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:kdump-0.8.15-29.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kdump-0.8.15-29.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kdump-0.8.15-29.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kdump-0.8.15-29.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-10-17T13:09:55Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-5759"
    }
  ]
}

opensuse-su-2024:10892-1

Vulnerability from csaf_opensuse

Published

2024-06-15 00:00

Modified

2024-06-15 00:00

Summary

kdump-0.9.1-3.2 on GA media

Notes

Title of the patch

kdump-0.9.1-3.2 on GA media

Description of the patch

These are all security issues fixed in the kdump-0.9.1-3.2 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-10892

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "kdump-0.9.1-3.2 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the kdump-0.9.1-3.2 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-10892",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10892-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-5759 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-5759/"
      }
    ],
    "title": "kdump-0.9.1-3.2 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:10892-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kdump-0.9.1-3.2.aarch64",
                "product": {
                  "name": "kdump-0.9.1-3.2.aarch64",
                  "product_id": "kdump-0.9.1-3.2.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kdump-0.9.1-3.2.ppc64le",
                "product": {
                  "name": "kdump-0.9.1-3.2.ppc64le",
                  "product_id": "kdump-0.9.1-3.2.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kdump-0.9.1-3.2.s390x",
                "product": {
                  "name": "kdump-0.9.1-3.2.s390x",
                  "product_id": "kdump-0.9.1-3.2.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kdump-0.9.1-3.2.x86_64",
                "product": {
                  "name": "kdump-0.9.1-3.2.x86_64",
                  "product_id": "kdump-0.9.1-3.2.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kdump-0.9.1-3.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kdump-0.9.1-3.2.aarch64"
        },
        "product_reference": "kdump-0.9.1-3.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kdump-0.9.1-3.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kdump-0.9.1-3.2.ppc64le"
        },
        "product_reference": "kdump-0.9.1-3.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kdump-0.9.1-3.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kdump-0.9.1-3.2.s390x"
        },
        "product_reference": "kdump-0.9.1-3.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kdump-0.9.1-3.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kdump-0.9.1-3.2.x86_64"
        },
        "product_reference": "kdump-0.9.1-3.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-5759",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-5759"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The mkdumprd script called \"dracut\" in the current working directory \".\" allows local users to trick the administrator into executing code as root.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kdump-0.9.1-3.2.aarch64",
          "openSUSE Tumbleweed:kdump-0.9.1-3.2.ppc64le",
          "openSUSE Tumbleweed:kdump-0.9.1-3.2.s390x",
          "openSUSE Tumbleweed:kdump-0.9.1-3.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-5759",
          "url": "https://www.suse.com/security/cve/CVE-2016-5759"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 990200 for CVE-2016-5759",
          "url": "https://bugzilla.suse.com/990200"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kdump-0.9.1-3.2.aarch64",
            "openSUSE Tumbleweed:kdump-0.9.1-3.2.ppc64le",
            "openSUSE Tumbleweed:kdump-0.9.1-3.2.s390x",
            "openSUSE Tumbleweed:kdump-0.9.1-3.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kdump-0.9.1-3.2.aarch64",
            "openSUSE Tumbleweed:kdump-0.9.1-3.2.ppc64le",
            "openSUSE Tumbleweed:kdump-0.9.1-3.2.s390x",
            "openSUSE Tumbleweed:kdump-0.9.1-3.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-5759"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2016-5759 (GCVE-0-2016-5759)

Vulnerability from cvelistv5

cnvd-2017-33280

Vulnerability from cnvd

ghsa-wp6g-h882-vcw2

Vulnerability from github

gsd-2016-5759

Vulnerability from gsd

fkie_cve-2016-5759

Vulnerability from fkie_nvd

suse-su-2016:2553-1

Vulnerability from csaf_suse

opensuse-su-2024:10892-1

Vulnerability from csaf_opensuse

Tags

Sightings

Nomenclature