Vulnerability-Lookup

CVE-2016-5759 (GCVE-0-2016-5759)

Vulnerability from cvelistv5 – Published: 2017-09-08 18:00 – Updated: 2024-08-06 01:15

Summary

The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root.

Severity

No CVSS data available.

CWE

Assigner

microfocus

References

2 references

URL	Tags
http://lists.suse.com/pipermail/sle-security-upda…	mailing-listx_refsource_MLIST
http://lists.opensuse.org/opensuse-updates/2016-1…	vendor-advisoryx_refsource_SUSE

Date Public

2016-10-17 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:15:10.555Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[sle-security-updates] 20161017 SUSE-SU-2016:2553-1: moderate: Security update for kdump",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.suse.com/pipermail/sle-security-updates/2016-October/002337.html"
          },
          {
            "name": "openSUSE-SU-2016:2605",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-10/msg00083.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The mkdumprd script called \"dracut\" in the current working directory \".\" allows local users to trick the administrator into executing code as root."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-06T16:15:47.000Z",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "microfocus"
      },
      "references": [
        {
          "name": "[sle-security-updates] 20161017 SUSE-SU-2016:2553-1: moderate: Security update for kdump",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.suse.com/pipermail/sle-security-updates/2016-October/002337.html"
        },
        {
          "name": "openSUSE-SU-2016:2605",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-10/msg00083.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@microfocus.com",
          "ID": "CVE-2016-5759",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The mkdumprd script called \"dracut\" in the current working directory \".\" allows local users to trick the administrator into executing code as root."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[sle-security-updates] 20161017 SUSE-SU-2016:2553-1: moderate: Security update for kdump",
              "refsource": "MLIST",
              "url": "http://lists.suse.com/pipermail/sle-security-updates/2016-October/002337.html"
            },
            {
              "name": "openSUSE-SU-2016:2605",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-10/msg00083.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "microfocus",
    "cveId": "CVE-2016-5759",
    "datePublished": "2017-09-08T18:00:00.000Z",
    "dateReserved": "2016-06-23T00:00:00.000Z",
    "dateUpdated": "2024-08-06T01:15:10.555Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2016-5759",
      "date": "2026-05-29",
      "epss": "0.00029",
      "percentile": "0.08999"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"6359EF76-9371-4418-8694-B604CF02CF63\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"81D94366-47D6-445A-A811-39327B150FCD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4863BE36-D16A-4D75-90D9-FD76DB5B48B7\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The mkdumprd script called \\\"dracut\\\" in the current working directory \\\".\\\" allows local users to trick the administrator into executing code as root.\"}, {\"lang\": \"es\", \"value\": \"El script mkdumprd llamado \\\"dracut\\\" en el directorio actual \\\".\\\" permite a los usuarios locales enga\\u00f1ar al administrador para que ejecute c\\u00f3digo como root.\"}]",
      "id": "CVE-2016-5759",
      "lastModified": "2024-11-21T02:54:58.040",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 6.9, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-09-08T18:29:00.267",
      "references": "[{\"url\": \"http://lists.opensuse.org/opensuse-updates/2016-10/msg00083.html\", \"source\": \"security@opentext.com\"}, {\"url\": \"http://lists.suse.com/pipermail/sle-security-updates/2016-October/002337.html\", \"source\": \"security@opentext.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2016-10/msg00083.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.suse.com/pipermail/sle-security-updates/2016-October/002337.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security@opentext.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-5759\",\"sourceIdentifier\":\"security@opentext.com\",\"published\":\"2017-09-08T18:29:00.267\",\"lastModified\":\"2026-05-13T00:24:29.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The mkdumprd script called \\\"dracut\\\" in the current working directory \\\".\\\" allows local users to trick the administrator into executing code as root.\"},{\"lang\":\"es\",\"value\":\"El script mkdumprd llamado \\\"dracut\\\" en el directorio actual \\\".\\\" permite a los usuarios locales enga\u00f1ar al administrador para que ejecute c\u00f3digo como root.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"6359EF76-9371-4418-8694-B604CF02CF63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"81D94366-47D6-445A-A811-39327B150FCD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4863BE36-D16A-4D75-90D9-FD76DB5B48B7\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-10/msg00083.html\",\"source\":\"security@opentext.com\"},{\"url\":\"http://lists.suse.com/pipermail/sle-security-updates/2016-October/002337.html\",\"source\":\"security@opentext.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-10/msg00083.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.suse.com/pipermail/sle-security-updates/2016-October/002337.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CNVD-2017-33280

Vulnerability from cnvd - Published: 2017-11-09

Title

Novell SUSE Linux Enterprise Server和Linux Enterprise Desktop任意代码执行漏洞

Description

Novell SuSE Linux Enterprise Server是美国Novell公司的一套企业服务器版Linux操作系统。Linux Enterprise Desktop是一套桌面版Linux系统。 Novell SUSE Linux Enterprise Server 12-SP1版本和Linux Enterprise Desktop 12-SP1版本中存在安全漏洞。攻击者可利用该漏洞以root权限执行代码。

Severity

中

Patch Name

Novell SUSE Linux Enterprise Server和Linux Enterprise Desktop任意代码执行漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://dracut.wiki.kernel.org/index.php/Main_Page

Reference

http://lists.opensuse.org/opensuse-updates/2016-10/msg00083.html

Impacted products

Name
['Novell SUSE Linux Enterprise Server 12-SP1', 'Novell SUSE Linux Enterprise Desktop 12-SP1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-5759"
    }
  },
  "description": "Novell SuSE Linux Enterprise Server\u662f\u7f8e\u56fdNovell\u516c\u53f8\u7684\u4e00\u5957\u4f01\u4e1a\u670d\u52a1\u5668\u7248Linux\u64cd\u4f5c\u7cfb\u7edf\u3002Linux Enterprise Desktop\u662f\u4e00\u5957\u684c\u9762\u7248Linux\u7cfb\u7edf\u3002\r\n\r\nNovell SUSE Linux Enterprise Server 12-SP1\u7248\u672c\u548cLinux Enterprise Desktop 12-SP1\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5root\u6743\u9650\u6267\u884c\u4ee3\u7801\u3002",
  "discovererName": "unknow",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://dracut.wiki.kernel.org/index.php/Main_Page",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-33280",
  "openTime": "2017-11-09",
  "patchDescription": "Novell SuSE Linux Enterprise Server\u662f\u7f8e\u56fdNovell\u516c\u53f8\u7684\u4e00\u5957\u4f01\u4e1a\u670d\u52a1\u5668\u7248Linux\u64cd\u4f5c\u7cfb\u7edf\u3002Linux Enterprise Desktop\u662f\u4e00\u5957\u684c\u9762\u7248Linux\u7cfb\u7edf\u3002\r\n\r\nNovell SUSE Linux Enterprise Server 12-SP1\u7248\u672c\u548cLinux Enterprise Desktop 12-SP1\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5root\u6743\u9650\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Novell SUSE Linux Enterprise Server\u548cLinux Enterprise Desktop\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Novell SUSE Linux Enterprise Server  12-SP1",
      "Novell SUSE Linux Enterprise Desktop 12-SP1"
    ]
  },
  "referenceLink": "http://lists.opensuse.org/opensuse-updates/2016-10/msg00083.html",
  "serverity": "\u4e2d",
  "submitTime": "2017-09-13",
  "title": "Novell SUSE Linux Enterprise Server\u548cLinux Enterprise Desktop\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

FKIE_CVE-2016-5759

Vulnerability from fkie_nvd - Published: 2017-09-08 18:29 - Updated: 2026-05-13 00:24

Severity

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root.

References

	URL	Tags
	security@opentext.com	http://lists.opensuse.org/opensuse-updates/2016-10/msg00083.html
	security@opentext.com	http://lists.suse.com/pipermail/sle-security-updates/2016-October/002337.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2016-10/msg00083.html
	af854a3a-2127-422b-91ae-364da2661108	http://lists.suse.com/pipermail/sle-security-updates/2016-October/002337.html

Impacted products

Vendor	Product	Version
novell	suse_linux_enterprise_desktop	12.0
novell	suse_linux_enterprise_server	12.0
opensuse	leap	42.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "6359EF76-9371-4418-8694-B604CF02CF63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "81D94366-47D6-445A-A811-39327B150FCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The mkdumprd script called \"dracut\" in the current working directory \".\" allows local users to trick the administrator into executing code as root."
    },
    {
      "lang": "es",
      "value": "El script mkdumprd llamado \"dracut\" en el directorio actual \".\" permite a los usuarios locales enga\u00f1ar al administrador para que ejecute c\u00f3digo como root."
    }
  ],
  "id": "CVE-2016-5759",
  "lastModified": "2026-05-13T00:24:29.033",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-09-08T18:29:00.267",
  "references": [
    {
      "source": "security@opentext.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-10/msg00083.html"
    },
    {
      "source": "security@opentext.com",
      "url": "http://lists.suse.com/pipermail/sle-security-updates/2016-October/002337.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-10/msg00083.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.suse.com/pipermail/sle-security-updates/2016-October/002337.html"
    }
  ],
  "sourceIdentifier": "security@opentext.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-WP6G-H882-VCW2

Vulnerability from github – Published: 2022-05-14 02:12 – Updated: 2022-05-14 02:12

Details

The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root.

Severity

7.8 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-5759"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-09-08T18:29:00Z",
    "severity": "HIGH"
  },
  "details": "The mkdumprd script called \"dracut\" in the current working directory \".\" allows local users to trick the administrator into executing code as root.",
  "id": "GHSA-wp6g-h882-vcw2",
  "modified": "2022-05-14T02:12:20Z",
  "published": "2022-05-14T02:12:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5759"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-10/msg00083.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.suse.com/pipermail/sle-security-updates/2016-October/002337.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2016-5759

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root.

Aliases

CVE-2016-5759

Aliases

CVE-2016-5759

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-5759",
    "description": "The mkdumprd script called \"dracut\" in the current working directory \".\" allows local users to trick the administrator into executing code as root.",
    "id": "GSD-2016-5759",
    "references": [
      "https://www.suse.com/security/cve/CVE-2016-5759.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-5759"
      ],
      "details": "The mkdumprd script called \"dracut\" in the current working directory \".\" allows local users to trick the administrator into executing code as root.",
      "id": "GSD-2016-5759",
      "modified": "2023-12-13T01:21:25.232278Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@microfocus.com",
        "ID": "CVE-2016-5759",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The mkdumprd script called \"dracut\" in the current working directory \".\" allows local users to trick the administrator into executing code as root."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "[sle-security-updates] 20161017 SUSE-SU-2016:2553-1: moderate: Security update for kdump",
            "refsource": "MLIST",
            "url": "http://lists.suse.com/pipermail/sle-security-updates/2016-October/002337.html"
          },
          {
            "name": "openSUSE-SU-2016:2605",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-updates/2016-10/msg00083.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@suse.com",
          "ID": "CVE-2016-5759"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The mkdumprd script called \"dracut\" in the current working directory \".\" allows local users to trick the administrator into executing code as root."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[sle-security-updates] 20161017 SUSE-SU-2016:2553-1: moderate: Security update for kdump",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "http://lists.suse.com/pipermail/sle-security-updates/2016-October/002337.html"
            },
            {
              "name": "openSUSE-SU-2016:2605",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-10/msg00083.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2018-10-30T16:27Z",
      "publishedDate": "2017-09-08T18:29Z"
    }
  }
}

OPENSUSE-SU-2024:10892-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

kdump-0.9.1-3.2 on GA media

Severity

Moderate

Notes

Title of the patch: kdump-0.9.1-3.2 on GA media

Description of the patch: These are all security issues fixed in the kdump-0.9.1-3.2 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2024-10892

CVE-2016-5759

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kdump-0.9.1-3.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kdump-0.9.1-3.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kdump-0.9.1-3.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kdump-0.9.1-3.2.x86_64	—	Vendor Fix

Threats

Impact moderate

References

5 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2016-5759/	self
https://www.suse.com/security/cve/CVE-2016-5759	external
https://bugzilla.suse.com/990200	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "kdump-0.9.1-3.2 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the kdump-0.9.1-3.2 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-10892",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10892-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-5759 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-5759/"
      }
    ],
    "title": "kdump-0.9.1-3.2 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:10892-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kdump-0.9.1-3.2.aarch64",
                "product": {
                  "name": "kdump-0.9.1-3.2.aarch64",
                  "product_id": "kdump-0.9.1-3.2.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kdump-0.9.1-3.2.ppc64le",
                "product": {
                  "name": "kdump-0.9.1-3.2.ppc64le",
                  "product_id": "kdump-0.9.1-3.2.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kdump-0.9.1-3.2.s390x",
                "product": {
                  "name": "kdump-0.9.1-3.2.s390x",
                  "product_id": "kdump-0.9.1-3.2.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kdump-0.9.1-3.2.x86_64",
                "product": {
                  "name": "kdump-0.9.1-3.2.x86_64",
                  "product_id": "kdump-0.9.1-3.2.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kdump-0.9.1-3.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kdump-0.9.1-3.2.aarch64"
        },
        "product_reference": "kdump-0.9.1-3.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kdump-0.9.1-3.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kdump-0.9.1-3.2.ppc64le"
        },
        "product_reference": "kdump-0.9.1-3.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kdump-0.9.1-3.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kdump-0.9.1-3.2.s390x"
        },
        "product_reference": "kdump-0.9.1-3.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kdump-0.9.1-3.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kdump-0.9.1-3.2.x86_64"
        },
        "product_reference": "kdump-0.9.1-3.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-5759",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-5759"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The mkdumprd script called \"dracut\" in the current working directory \".\" allows local users to trick the administrator into executing code as root.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kdump-0.9.1-3.2.aarch64",
          "openSUSE Tumbleweed:kdump-0.9.1-3.2.ppc64le",
          "openSUSE Tumbleweed:kdump-0.9.1-3.2.s390x",
          "openSUSE Tumbleweed:kdump-0.9.1-3.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-5759",
          "url": "https://www.suse.com/security/cve/CVE-2016-5759"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 990200 for CVE-2016-5759",
          "url": "https://bugzilla.suse.com/990200"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kdump-0.9.1-3.2.aarch64",
            "openSUSE Tumbleweed:kdump-0.9.1-3.2.ppc64le",
            "openSUSE Tumbleweed:kdump-0.9.1-3.2.s390x",
            "openSUSE Tumbleweed:kdump-0.9.1-3.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kdump-0.9.1-3.2.aarch64",
            "openSUSE Tumbleweed:kdump-0.9.1-3.2.ppc64le",
            "openSUSE Tumbleweed:kdump-0.9.1-3.2.s390x",
            "openSUSE Tumbleweed:kdump-0.9.1-3.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-5759"
    }
  ]
}

SUSE-SU-2016:2553-1

Vulnerability from csaf_suse - Published: 2016-10-17 13:09 - Updated: 2016-10-17 13:09

Summary

Security update for kdump

Severity

Moderate

Notes

Title of the patch: Security update for kdump

Description of the patch: This update for kdump provides several fixes and enhancements: - Refresh kdumprd if /etc/hosts or /etc/nsswitch.conf is changed. (bsc#943214) - Add a separate systemd service to rebuild kdumprd at boot. (bsc#943214) - Improve network setup in the kdump environment by reading configuration from wicked by default (system configuration files are used as a fallback). (bsc#980328) - Use the last mount entry in kdump_get_mountpoints(). (bsc#951844) - Remove 'notsc' from the kdump kernel command line. (bsc#973213) - Handle dump files with many program headers. (bsc#932339, bsc#970708) - Fall back to stat() if file type is DT_UNKNOWN. (bsc#964206) - Remove vm. sysctls from kdump initrd. (bsc#927451, bsc#987862) - Use the exit code of kexec, not that of 'local'. (bsc#984799) - Convert sysroot to a bind mount in kdump initrd. (bsc#976864) - Distinguish between Xenlinux (aka Xenified or SUSE) and pvops Xen kernels, as the latter can run on bare metal. (bsc#974270) - CVE-2016-5759: Use full path to dracut as argument to bash. (bsc#989972, bsc#990200)

Patchnames: SUSE-SLE-DESKTOP-12-SP1-2016-1492,SUSE-SLE-SERVER-12-SP1-2016-1492

CVE-2016-5759

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 7 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP1:kdump-0.8.15-29.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1:kdump-0.8.15-29.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1:kdump-0.8.15-29.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1:kdump-0.8.15-29.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kdump-0.8.15-29.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kdump-0.8.15-29.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kdump-0.8.15-29.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

21 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/927451	self
https://bugzilla.suse.com/932339	self
https://bugzilla.suse.com/943214	self
https://bugzilla.suse.com/951844	self
https://bugzilla.suse.com/964206	self
https://bugzilla.suse.com/970708	self
https://bugzilla.suse.com/973213	self
https://bugzilla.suse.com/974270	self
https://bugzilla.suse.com/976864	self
https://bugzilla.suse.com/980328	self
https://bugzilla.suse.com/984799	self
https://bugzilla.suse.com/987862	self
https://bugzilla.suse.com/989972	self
https://bugzilla.suse.com/990200	self
https://www.suse.com/security/cve/CVE-2016-5759/	self
https://www.suse.com/security/cve/CVE-2016-5759	external
https://bugzilla.suse.com/990200	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for kdump",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThis update for kdump provides several fixes and enhancements:\n\n- Refresh kdumprd if /etc/hosts or /etc/nsswitch.conf is changed. (bsc#943214)\n- Add a separate systemd service to rebuild kdumprd at boot. (bsc#943214)\n- Improve network setup in the kdump environment by reading configuration from wicked\n  by default (system configuration files are used as a fallback). (bsc#980328)\n- Use the last mount entry in kdump_get_mountpoints(). (bsc#951844)\n- Remove \u0027notsc\u0027 from the kdump kernel command line. (bsc#973213)\n- Handle dump files with many program headers. (bsc#932339, bsc#970708)\n- Fall back to stat() if file type is DT_UNKNOWN. (bsc#964206)\n- Remove vm. sysctls from kdump initrd. (bsc#927451, bsc#987862)\n- Use the exit code of kexec, not that of \u0027local\u0027. (bsc#984799)\n- Convert sysroot to a bind mount in kdump initrd. (bsc#976864)\n- Distinguish between Xenlinux (aka Xenified or SUSE) and pvops Xen kernels, as the\n  latter can run on bare metal. (bsc#974270)\n- CVE-2016-5759: Use full path to dracut as argument to bash. (bsc#989972, bsc#990200)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-DESKTOP-12-SP1-2016-1492,SUSE-SLE-SERVER-12-SP1-2016-1492",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_2553-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2016:2553-1",
        "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162553-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2016:2553-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2016-October/002337.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 927451",
        "url": "https://bugzilla.suse.com/927451"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 932339",
        "url": "https://bugzilla.suse.com/932339"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 943214",
        "url": "https://bugzilla.suse.com/943214"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 951844",
        "url": "https://bugzilla.suse.com/951844"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 964206",
        "url": "https://bugzilla.suse.com/964206"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 970708",
        "url": "https://bugzilla.suse.com/970708"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 973213",
        "url": "https://bugzilla.suse.com/973213"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 974270",
        "url": "https://bugzilla.suse.com/974270"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 976864",
        "url": "https://bugzilla.suse.com/976864"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 980328",
        "url": "https://bugzilla.suse.com/980328"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 984799",
        "url": "https://bugzilla.suse.com/984799"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 987862",
        "url": "https://bugzilla.suse.com/987862"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 989972",
        "url": "https://bugzilla.suse.com/989972"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 990200",
        "url": "https://bugzilla.suse.com/990200"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-5759 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-5759/"
      }
    ],
    "title": "Security update for kdump",
    "tracking": {
      "current_release_date": "2016-10-17T13:09:55Z",
      "generator": {
        "date": "2016-10-17T13:09:55Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2016:2553-1",
      "initial_release_date": "2016-10-17T13:09:55Z",
      "revision_history": [
        {
          "date": "2016-10-17T13:09:55Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kdump-0.8.15-29.1.ppc64le",
                "product": {
                  "name": "kdump-0.8.15-29.1.ppc64le",
                  "product_id": "kdump-0.8.15-29.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kdump-0.8.15-29.1.s390x",
                "product": {
                  "name": "kdump-0.8.15-29.1.s390x",
                  "product_id": "kdump-0.8.15-29.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kdump-0.8.15-29.1.x86_64",
                "product": {
                  "name": "kdump-0.8.15-29.1.x86_64",
                  "product_id": "kdump-0.8.15-29.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Desktop 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Desktop 12 SP1",
                  "product_id": "SUSE Linux Enterprise Desktop 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sled:12:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP1",
                  "product_id": "SUSE Linux Enterprise Server 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kdump-0.8.15-29.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP1",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP1:kdump-0.8.15-29.1.x86_64"
        },
        "product_reference": "kdump-0.8.15-29.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kdump-0.8.15-29.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:kdump-0.8.15-29.1.ppc64le"
        },
        "product_reference": "kdump-0.8.15-29.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kdump-0.8.15-29.1.s390x as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:kdump-0.8.15-29.1.s390x"
        },
        "product_reference": "kdump-0.8.15-29.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kdump-0.8.15-29.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1",
          "product_id": "SUSE Linux Enterprise Server 12 SP1:kdump-0.8.15-29.1.x86_64"
        },
        "product_reference": "kdump-0.8.15-29.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kdump-0.8.15-29.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kdump-0.8.15-29.1.ppc64le"
        },
        "product_reference": "kdump-0.8.15-29.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kdump-0.8.15-29.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kdump-0.8.15-29.1.s390x"
        },
        "product_reference": "kdump-0.8.15-29.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kdump-0.8.15-29.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kdump-0.8.15-29.1.x86_64"
        },
        "product_reference": "kdump-0.8.15-29.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-5759",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-5759"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The mkdumprd script called \"dracut\" in the current working directory \".\" allows local users to trick the administrator into executing code as root.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP1:kdump-0.8.15-29.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1:kdump-0.8.15-29.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP1:kdump-0.8.15-29.1.s390x",
          "SUSE Linux Enterprise Server 12 SP1:kdump-0.8.15-29.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kdump-0.8.15-29.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kdump-0.8.15-29.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kdump-0.8.15-29.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-5759",
          "url": "https://www.suse.com/security/cve/CVE-2016-5759"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 990200 for CVE-2016-5759",
          "url": "https://bugzilla.suse.com/990200"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP1:kdump-0.8.15-29.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:kdump-0.8.15-29.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1:kdump-0.8.15-29.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:kdump-0.8.15-29.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kdump-0.8.15-29.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kdump-0.8.15-29.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kdump-0.8.15-29.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP1:kdump-0.8.15-29.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1:kdump-0.8.15-29.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP1:kdump-0.8.15-29.1.s390x",
            "SUSE Linux Enterprise Server 12 SP1:kdump-0.8.15-29.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kdump-0.8.15-29.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kdump-0.8.15-29.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kdump-0.8.15-29.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-10-17T13:09:55Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-5759"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-5759 (GCVE-0-2016-5759)

CNVD-2017-33280

FKIE_CVE-2016-5759

GHSA-WP6G-H882-VCW2

GSD-2016-5759

OPENSUSE-SU-2024:10892-1

SUSE-SU-2016:2553-1

Tags

Sightings

Nomenclature