CVE-2016-3067 Information
Feb 14, 2021
cve
Description
Cygwin before 2.5.0 does not properly handle updating permissions when changing users which allows attackers to gain privileges.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://cygwin.com/ml/cygwin/2016-02/msg00129.html https://cygwin.com/ml/cygwin-announce/2016-02/msg00023.html https://cygwin.com/ml/cygwin-announce/2016-04/msg00020.html https://cygwin.com/ml/cygwin-announce/2016-04/msg00054.html https://sourceware.org/git/?p=newlib-cygwin.git;a=commit;h=205862ed08649df8f50b926a2c58c963f571b044
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: