Vulnerability Description
The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root.
CVSS Score
7.8
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Novell | Suse Linux Enterprise Desktop | 12.0 |
| Novell | Suse Linux Enterprise Server | 12.0 |
| Opensuse | Leap | 42.1 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-updates/2016-10/msg00083.html
- http://lists.suse.com/pipermail/sle-security-updates/2016-October/002337.html
- http://lists.opensuse.org/opensuse-updates/2016-10/msg00083.html
- http://lists.suse.com/pipermail/sle-security-updates/2016-October/002337.html
FAQ
What is CVE-2016-5759?
CVE-2016-5759 is a vulnerability with a CVSS score of 7.8 (HIGH). The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root.
How severe is CVE-2016-5759?
CVE-2016-5759 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-5759?
Check the references section above for vendor advisories and patch information. Affected products include: Novell Suse Linux Enterprise Desktop, Novell Suse Linux Enterprise Server, Opensuse Leap.