Vulnerability Description
Cygwin before 2.5.0 does not properly handle updating permissions when changing users, which allows attackers to gain privileges.
CVSS Score
9.8
CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cygwin | Cygwin | <= 2.4.1-1 |
Related Weaknesses (CWE)
References
- https://cygwin.com/ml/cygwin-announce/2016-02/msg00023.html (Mailing List, Release Notes, Vendor Advisory)
- https://cygwin.com/ml/cygwin-announce/2016-04/msg00020.html (Mailing List, Release Notes, Vendor Advisory)
- https://cygwin.com/ml/cygwin-announce/2016-04/msg00054.html (Mailing List, Release Notes, Vendor Advisory)
- https://cygwin.com/ml/cygwin/2016-02/msg00129.html (Mailing List, Release Notes, Vendor Advisory)
- https://sourceware.org/git/?p=newlib-cygwin.git%3Ba=commit%3Bh=205862ed08649df8f
FAQ
What is CVE-2016-3067?
CVE-2016-3067 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Cygwin before 2.5.0 does not properly handle updating permissions when changing users, which allows attackers to gain privileges.
How severe is CVE-2016-3067?
CVE-2016-3067 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-3067?
Check the references section above for vendor advisories and patch information. Affected products include: Cygwin Cygwin.