The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2016-10-16T21:00:00

Updated: 2024-08-06T01:50:47.362Z

Reserved: 2016-08-26T00:00:00

Link: CVE-2016-7097

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2016-10-16T21:59:11.147

Modified: 2023-02-12T23:25:19.473

Link: CVE-2016-7097

cve-icon Redhat

Severity : Moderate

Publid Date: 2016-05-26T00:00:00Z

Links: CVE-2016-7097 - Bugzilla