Privilege Escalation in Mock Plugin by Red Hat
CVE-2016-6299

7.8HIGH

Key Information:

Vendor

Fedoraproject

Status
Fedora
Vendor
CVE Published:
14 April 2017

What is CVE-2016-6299?

The mock plug-in in Red Hat's package management system has a vulnerability that may allow attackers to bypass the chroot protection mechanism. By crafting a specific spec file, an adversary could potentially gain root privileges, posing a security risk to the system. This could lead to unauthorized access and control over the system, highlighting the importance of timely updates and security patches.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1375490
x_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.