Description
The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name. The cause is that external commands were run through commands.getstatusoutput, which passes its argument to /bin/sh, so shell metacharacters in the file name recorded in the denial are interpreted as shell syntax rather than as part of the path.
A shell command injection flaw was found in the way setroubleshoot executed external commands. A local attacker able to trigger certain SELinux denials could use this flaw to execute arbitrary code with root privileges. Note that the upstream version threshold (3.2.23) does not apply to the Red Hat packages, which carry a backported fix: check for the advisory listed below rather than comparing version numbers.
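The following is an added illustration of the bug class, not code from sealert or setroubleshoot: a file name taken from an SELinux denial is spliced into a shell command string (Python 3's subprocess.getstatusoutput behaves like the Python 2 commands.getstatusoutput named above), beside the hardened form that passes the name as a single argv element with no shell. `ls -ld` is an assumed stand-in for whatever external command the real code ran; the payload file name and the marker file are constructed for the demonstration.

```python
import os
import subprocess
import tempfile


def run_vulnerable(path):
    """Pre-fix pattern: the file name is spliced into a shell command string.

    Python 2's commands.getstatusoutput (named in the advisory) and Python 3's
    subprocess.getstatusoutput both hand the string to /bin/sh -c, so ';',
    '$(...)', backticks and similar in `path` are parsed as shell syntax.
    """
    return subprocess.getstatusoutput("ls -ld %s" % path)


def run_fixed(path):
    """Hardened form: argv list, no shell.

    The file name reaches ls as exactly one argument, whatever characters it
    contains. '--' stops ls from treating a name beginning with '-' as an option.
    """
    proc = subprocess.run(["ls", "-ld", "--", path],
                          capture_output=True, text=True)
    return proc.returncode, proc.stdout + proc.stderr


def demo():
    """Feed both helpers a file name that carries an injected command and
    report whether the injected command actually ran."""
    with tempfile.TemporaryDirectory() as workdir:
        marker = os.path.join(workdir, "injected")
        # Constructed payload: a "file name" that, if parsed by a shell,
        # runs `touch` on the marker path after the intended command.
        crafted = "missing; touch " + marker

        run_vulnerable(crafted)
        vulnerable_executed = os.path.exists(marker)
        if vulnerable_executed:
            os.remove(marker)

        fixed_status, _ = run_fixed(crafted)
        fixed_executed = os.path.exists(marker)

    return {
        "vulnerable_ran_payload": vulnerable_executed,  # True: shell ran touch
        "fixed_ran_payload": fixed_executed,            # False: name was one argv
        "fixed_status": fixed_status,                   # non-zero: no such file
    }


if __name__ == "__main__":
    print(demo())
```

Run it as an unprivileged user; the point is the shell parsing, not the privilege level. In the vulnerable path the marker file appears because `/bin/sh` split the string at `;`; in the fixed path `ls` simply reports that a file literally named `missing; touch /tmp/.../injected` does not exist. Quoting with shlex.quote would also neutralise this particular payload, but avoiding the shell entirely removes the whole class of mistakes.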
Affected packages
Platform | Package | Status | Advisory | Release (DD.MM.YYYY) |
---|---|---|---|---|
Red Hat Enterprise Linux 5 | setroubleshoot | Not affected | ||
Red Hat Enterprise Linux 6 | setroubleshoot | Fixed | RHSA-2016:1267 | 21.06.2016 |
Red Hat Enterprise Linux 6 | setroubleshoot-plugins | Fixed | RHSA-2016:1267 | 21.06.2016 |
Red Hat Enterprise Linux 7 | setroubleshoot | Fixed | RHBA-2015:2287 | 19.11.2015 |
Additional information
Status:
EPSS:
CVSS2: 6.2 (Medium)
Related vulnerabilities
ELSA-2016-1267: setroubleshoot and setroubleshoot-plugins security update (IMPORTANT)