CVE-2016-4446
Description
The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function.
Risk Information
Base Score
7.0
MODERATE
Vector
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.076
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2016:1267) Important: setroubleshoot and setroubleshoot-plugins security update setroubleshoot-3.0.47-12.el6_8.i686.rpm | Linux |
| (RHSA-2016:1267) Important: setroubleshoot and setroubleshoot-plugins security update setroubleshoot-3.0.47-12.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1267) Important: setroubleshoot and setroubleshoot-plugins security update setroubleshoot-doc-3.0.47-12.el6_8.i686.rpm | Linux |
| (RHSA-2016:1267) Important: setroubleshoot and setroubleshoot-plugins security update setroubleshoot-doc-3.0.47-12.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:1267) Important: setroubleshoot and setroubleshoot-plugins security update setroubleshoot-plugins-3.0.40-3.1.el6_8.noarch.rpm | Linux |
| (RHSA-2016:1267) Important: setroubleshoot and setroubleshoot-plugins security update setroubleshoot-server-3.0.47-12.el6_8.i686.rpm | Linux |
| (RHSA-2016:1267) Important: setroubleshoot and setroubleshoot-plugins security update setroubleshoot-server-3.0.47-12.el6_8.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234