CVE-2016-6299
First published: Tue Sep 13 2016(Updated: )
It was found that mock's scm plug-in would parse a given spec file with root priviliges. This could allow an attacker who is able to start a build of an rpm with a specially crafted spec file within mock's environment to elevate their priviliges and escape the chroot. The vulnerable code in scm.py is: ts = rpm.ts() rpm_spec = ts.parseSpec(self.spec) # the spec file is parsed as root self.name = rpm.expandMacro("%{name}")
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fedora | =23 | |
| Fedora | =24 | |
| Fedora | =25 | |
| Mock Project SCM Plugin |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2016/09/13/2
- http://www.securityfocus.com/bid/92948
- https://bugzilla.redhat.com/show_bug.cgi?id=1375490
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFC4LU6GYYEVUK6LQ2FKUGMZXRTLLL5A/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VYLMPA5VLLX67DUJ6XLJ2TIW6CX2CFL4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5PH2YGYWYUAYPHK32SGUZGZXQEBEYNK/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1375493
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1375496
Frequently Asked Questions
What is the severity of CVE-2016-6299?
CVE-2016-6299 is considered a high-severity vulnerability due to potential privilege escalation.
How do I fix CVE-2016-6299?
The recommended fix for CVE-2016-6299 is to update the mock package to a version where the vulnerability has been patched.
Who is affected by CVE-2016-6299?
CVE-2016-6299 affects users of Fedora versions 23, 24, and 25 that utilize the mock's scm plugin.
What can an attacker do with CVE-2016-6299?
An attacker can exploit CVE-2016-6299 to elevate privileges and escape the chroot environment when starting a build with a crafted spec file.
What software is involved in CVE-2016-6299?
CVE-2016-6299 involves the mock project scm plugin and affects specific versions of the Fedora operating system.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-6299
- agent/remedy
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/event
- agent/description
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/fedoraproject
- canonical/fedora
- version/fedora/23
- version/fedora/24
- version/fedora/25
- vendor/mock project
- canonical/mock project scm plugin