CVE-2016-4445
Description
The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutput function.
Risk Information
Base Score
7.0
MODERATE
Vector
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.07
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2016:1267) Important: setroubleshoot and setroubleshoot-plugins security update setroubleshoot-3.0.47-12.el6_8.i686.rpm | Linux |
| (RHSA-2016:1267) Important: setroubleshoot and setroubleshoot-plugins security update setroubleshoot-3.0.47-12.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1267) Important: setroubleshoot and setroubleshoot-plugins security update setroubleshoot-doc-3.0.47-12.el6_8.i686.rpm | Linux |
| (RHSA-2016:1267) Important: setroubleshoot and setroubleshoot-plugins security update setroubleshoot-doc-3.0.47-12.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1267) Important: setroubleshoot and setroubleshoot-plugins security update setroubleshoot-plugins-3.0.40-3.1.el6_8.noarch.rpm | Linux |
| (RHSA-2016:1267) Important: setroubleshoot and setroubleshoot-plugins security update setroubleshoot-server-3.0.47-12.el6_8.i686.rpm | Linux |
| (RHSA-2016:1267) Important: setroubleshoot and setroubleshoot-plugins security update setroubleshoot-server-3.0.47-12.el6_8.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234