CVE-2016-7545

Опубликовано: 19 янв. 2017

Источник: debian

EPSS Низкий

Описание

SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.

Пакет	Статус	Версия исправления	Релиз	Тип
policycoreutils	fixed	2.5-3		package
policycoreutils	not-affected		jessie	package

https://bugzilla.redhat.com/show_bug.cgi?id=1378577
Upstream mailing list discussion: https://marc.info/?t=147463464400001&r=1&w=2
Upstream fix: https://github.com/SELinuxProject/selinux/commit/acca96a135a4d2a028ba9b636886af99c0915379
Marked as exception as not-affected, although the source is affected but the built
binary packages do not contain the sandbox binary. We cannot use 'unimportant'
severity here since the unstable version builts a binary package which contains it.

EPSS

Процентиль: 9%

0.00036

Низкий

CVE-2016-7545

CVSS3: 8.8

ubuntu

больше 8 лет назад

SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.

CVE-2016-7545

CVSS3: 8.6

redhat

почти 9 лет назад

SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.

CVE-2016-7545

CVSS3: 8.8

nvd

больше 8 лет назад

SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.

SUSE-SU-2017:0340-1

suse-cvrf

больше 8 лет назад

Security update for policycoreutils

SUSE-SU-2017:0339-1

suse-cvrf

больше 8 лет назад

Security update for policycoreutils

EPSS

Процентиль: 9%

0.00036

Низкий