CVE-2016-3067

Published on: 04/21/2017 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:02 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Certain versions of Cygwin from Cygwin contain the following vulnerability:

Cygwin before 2.5.0 does not properly handle updating permissions when changing users, which allows attackers to gain privileges.

  • CVE-2016-3067 has been assigned by [email protected] to track the vulnerability - currently rated as CRITICAL severity.

CVSS3 Score: 9.8 - CRITICAL

| Attack Vector | Attack Complexity | Privileges Required | User Interaction |
|---|---|---|---|
| NETWORK | LOW | NONE | NONE |

| Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
|---|---|---|---|
| UNCHANGED | HIGH | HIGH | HIGH |

CVSS2 Score: 7.5 - HIGH

| Access Vector | Access Complexity | Authentication |
|---|---|---|
| NETWORK | LOW | NONE |

| Confidentiality Impact | Integrity Impact | Availability Impact |
|---|---|---|
| PARTIAL | PARTIAL | PARTIAL |

CVE References

| Description | Tags | Link |
|---|---|---|
| David Willis - RE: Possible Security Hole in SSHD w/ CYGWIN? | Mailing List, Release Notes, Vendor Advisory | MLIST [cygwin] 20160208 Possible Security Hole in SSHD w/ CYGWIN? (cygwin.com) |
| sourceware.org Git - newlib-cygwin.git/commit | Patch | CONFIRM sourceware.org/git/?p=newlib-cygwin.git;a=commit;h=205862ed08649df8f50b926a2c58c963f571b044 |
| Corinna Vinschen - Cygwin 2.5.0-1 | Mailing List, Release Notes, Vendor Advisory | MLIST [cygwin-announce] 20160411 Cygwin 2.5.0-1 (cygwin.com) |
| Corinna Vinschen - TEST RELEASE: Cygwin 2.5.0-0.4 | Mailing List, Release Notes, Vendor Advisory | MLIST [cygwin-announce] 20160218 TEST RELEASE: Cygwin 2.5.0-0.4 (cygwin.com) |
| Yaakov Selkowitz - CVE-2016-3067: network privilege escalation in Cygwin set(e)uid | Mailing List, Release Notes, Vendor Advisory | MLIST [cygwin-announce] 20160419 CVE-2016-3067: network privilege escalation in Cygwin set(e)ui (cygwin.com) |

Known Affected Configurations (CPE V2.3)

| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cygwin | Cygwin | All | All | All | All |
  • cpe:2.3:a:cygwin:cygwin:*:*:*:*:*:*:*:*: