Description
The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function.
A shell command injection flaw was found in the way the setroubleshoot allow_execstack plugin executed external commands. A local attacker able to trigger an execstack SELinux denial could use this flaw to execute arbitrary code with root privileges.
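The pattern behind this class of flaw, shown beside two corrected forms, as an added example (not code from setroubleshoot or from the advisory). `basename` stands in for the external command, which the page does not show, and the file name is a constructed sample whose embedded command is a harmless `echo`. `subprocess.getoutput` is the Python 3 successor of `commands.getoutput`.

```python
import shlex
import subprocess

# Constructed sample: a file name carrying shell command substitution.
CRAFTED_NAME = "/tmp/lib$(echo INJECTED).so"

# Assumption: stand-in for the helper command the plugin runs.
TOOL = "basename"


def describe_vulnerable(path):
    """Vulnerable pattern: untrusted path interpolated into a shell string."""
    # getoutput() hands the whole string to /bin/sh -c, so any shell
    # metacharacters in the file name are interpreted by the shell.
    return subprocess.getoutput("%s -- %s" % (TOOL, path))


def describe_quoted(path):
    """Stop-gap when a shell string cannot be avoided: quote the argument."""
    return subprocess.getoutput("%s -- %s" % (TOOL, shlex.quote(path)))


def describe_hardened(path):
    """Preferred fix: no shell; the path is passed as a single argv element."""
    result = subprocess.run(
        [TOOL, "--", path],
        capture_output=True,
        text=True,
        check=True,
    )
    return result.stdout.rstrip("\n")


if __name__ == "__main__":
    for fn in (describe_vulnerable, describe_quoted, describe_hardened):
        print("%-20s -> %s" % (fn.__name__, fn(CRAFTED_NAME)))
```

Only the first function lets the shell rewrite the file name; the other two return it byte for byte.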
Affected packages
Platform | Package | Status | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 5 | setroubleshoot-plugins | Not affected | | |
Red Hat Enterprise Linux 6 | setroubleshoot | Fixed | RHSA-2016:1267 | 21.06.2016 |
Red Hat Enterprise Linux 6 | setroubleshoot-plugins | Fixed | RHSA-2016:1267 | 21.06.2016 |
Red Hat Enterprise Linux 7 | setroubleshoot | Fixed | RHSA-2016:1293 | 23.06.2016 |
Red Hat Enterprise Linux 7 | setroubleshoot-plugins | Fixed | RHSA-2016:1293 | 23.06.2016 |
Additional information
Status:
EPSS
6.9 Medium
CVSS2
Related vulnerabilities
ELSA-2016-1293: setroubleshoot and setroubleshoot-plugins security update (IMPORTANT)
ELSA-2016-1267: setroubleshoot and setroubleshoot-plugins security update (IMPORTANT)