Vulnerability Details CVE-2016-3067
Cygwin before 2.5.0 does not properly handle updating permissions when changing users, which allows attackers to gain privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://cygwin.com/ml/cygwin-announce/2016-02/msg00023.html
- https://cygwin.com/ml/cygwin-announce/2016-04/msg00020.html
- https://cygwin.com/ml/cygwin-announce/2016-04/msg00054.html
- https://cygwin.com/ml/cygwin/2016-02/msg00129.html
- https://sourceware.org/git/?p=newlib-cygwin.git%3Ba=commit%3Bh=205862ed08649df8f50b926a2c58c963f571b044
- https://cygwin.com/ml/cygwin-announce/2016-02/msg00023.html
- https://cygwin.com/ml/cygwin-announce/2016-04/msg00020.html
- https://cygwin.com/ml/cygwin-announce/2016-04/msg00054.html
- https://cygwin.com/ml/cygwin/2016-02/msg00129.html
- https://sourceware.org/git/?p=newlib-cygwin.git%3Ba=commit%3Bh=205862ed08649df8f50b926a2c58c963f571b044
Products affected by CVE-2016-3067
-
cpe:2.3:a:cygwin:cygwin:1.7.10
-
cpe:2.3:a:cygwin:cygwin:1.7.11
-
cpe:2.3:a:cygwin:cygwin:1.7.12
-
cpe:2.3:a:cygwin:cygwin:1.7.13
-
cpe:2.3:a:cygwin:cygwin:1.7.14
-
cpe:2.3:a:cygwin:cygwin:1.7.15
-
cpe:2.3:a:cygwin:cygwin:1.7.16
-
cpe:2.3:a:cygwin:cygwin:1.7.17
-
cpe:2.3:a:cygwin:cygwin:1.7.18
-
cpe:2.3:a:cygwin:cygwin:1.7.19
-
cpe:2.3:a:cygwin:cygwin:1.7.2
-
cpe:2.3:a:cygwin:cygwin:1.7.21
-
cpe:2.3:a:cygwin:cygwin:1.7.22
-
cpe:2.3:a:cygwin:cygwin:1.7.23
-
cpe:2.3:a:cygwin:cygwin:1.7.24
-
cpe:2.3:a:cygwin:cygwin:1.7.25
-
cpe:2.3:a:cygwin:cygwin:1.7.26
-
cpe:2.3:a:cygwin:cygwin:1.7.27
-
cpe:2.3:a:cygwin:cygwin:1.7.28
-
cpe:2.3:a:cygwin:cygwin:1.7.29
-
cpe:2.3:a:cygwin:cygwin:1.7.3
-
cpe:2.3:a:cygwin:cygwin:1.7.31
-
cpe:2.3:a:cygwin:cygwin:1.7.32
-
cpe:2.3:a:cygwin:cygwin:1.7.33
-
cpe:2.3:a:cygwin:cygwin:1.7.34
-
cpe:2.3:a:cygwin:cygwin:1.7.35
-
cpe:2.3:a:cygwin:cygwin:1.7.4
-
cpe:2.3:a:cygwin:cygwin:1.7.5
-
cpe:2.3:a:cygwin:cygwin:1.7.6
-
cpe:2.3:a:cygwin:cygwin:1.7.7
-
cpe:2.3:a:cygwin:cygwin:1.7.8
-
cpe:2.3:a:cygwin:cygwin:1.7.9
-
cpe:2.3:a:cygwin:cygwin:1.8.0
-
cpe:2.3:a:cygwin:cygwin:2.0.0
-
cpe:2.3:a:cygwin:cygwin:2.0.1
-
cpe:2.3:a:cygwin:cygwin:2.0.2
-
cpe:2.3:a:cygwin:cygwin:2.0.3
-
cpe:2.3:a:cygwin:cygwin:2.0.4
-
cpe:2.3:a:cygwin:cygwin:2.1.0
-
cpe:2.3:a:cygwin:cygwin:2.2.0
-
cpe:2.3:a:cygwin:cygwin:2.2.1
-
cpe:2.3:a:cygwin:cygwin:2.3.0
-
cpe:2.3:a:cygwin:cygwin:2.3.1
-
cpe:2.3:a:cygwin:cygwin:2.4.0
-
cpe:2.3:a:cygwin:cygwin:2.4.1
-
cpe:2.3:a:cygwin:cygwin:2.4.1-1