CVE-2016-7097
Published: Oct 16, 2016
Modified: Aug 6, 2024
PUBLISHED
Description
The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| USN-3146-2 | vendor-advisory, x_refsource_UBUNTU |
| USN-3146-1 | vendor-advisory, x_refsource_UBUNTU |
| https://source.android.com/security/bulletin/2017-04-01 | x_refsource_CONFIRM |
| 92659 | vdb-entry, x_refsource_BID |
| RHSA-2017:2669 | vendor-advisory, x_refsource_REDHAT |
| [linux-fsdevel] 20160526 [PATCH 2/2] posix_acl: Clear SGID bit when modifying file permissions | mailing-list, x_refsource_MLIST |
| RHSA-2017:0817 | vendor-advisory, x_refsource_REDHAT |
| USN-3147-1 | vendor-advisory, x_refsource_UBUNTU |
| https://bugzilla.redhat.com/show_bug.cgi?id=1368938 | x_refsource_CONFIRM |
| RHSA-2017:2077 | vendor-advisory, x_refsource_REDHAT |
| RHSA-2017:1842 | vendor-advisory, x_refsource_REDHAT |
| [linux-fsdevel] 20160819 [PATCH v2] posix_acl: Clear SGID bit when setting file permissions | mailing-list, x_refsource_MLIST |
| 1038201 | vdb-entry, x_refsource_SECTRACK |