CVE Identifier: CVE-2016-2856 Vulnerability Type: Arbitrary Pts Access via User Namespace Description: - pt_chown in glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing. This vulnerability allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. Associated Files/Commits: - http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=09f7764882a81e13e7b5d87d715412283a6ce403 - http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=11475c083282c1582c4dd72eeecfcb2b7d308c958 Additional Issue: The TIOCGPTN ioctl is also problematic when used with USERNS and other tools, as it can be exploited through programs calling it SUID. Recommendation: The recommendation is to add information about this risk/attack method to the kernel docs/man-page of TIOCGPTN or consider it as a separate vulnerability with a need for its own CVE.