CVE-2015-3170
https://notcve.org/view.php?id=CVE-2015-3170
selinux-policy, when the sysctl fs.protected_hardlinks is set to 0, allows local users to cause a denial of service (SSH login prevention) by creating a hardlink to /etc/passwd from a directory named .config, and updating selinux-policy.
• https://bugzilla.redhat.com/show_bug.cgi?id=1218672
• CWE-254: 7PK - Security Features
CVE-2016-7545 – policycoreutils: SELinux sandbox escape via TIOCSTI ioctl
https://notcve.org/view.php?id=CVE-2016-7545
SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox.
• http://rhn.redhat.com/errata/RHSA-2016-2702.html
• http://rhn.redhat.com/errata/RHSA-2017-0535.html
• http://rhn.redhat.com/errata/RHSA-2017-0536.html
• http://www.openwall.com/lists/oss-security/2016/09/25/1
• http://www.securityfocus.com/bid/93156
• http://www.securitytracker.com/id/1037283
• https://github.com/SELinuxProject/selinux/commit/acca96a135a4d2a028ba9b636886af99c0915379
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPRNK3PWMAVNJZ53YW5GOEOGJSFNAQIF
• CWE-284: Improper Access Control
CVE-2015-1815 – Fedora 21 setroubleshootd 3.2.22 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-1815
The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name. It was found that setroubleshoot did not sanitize file names supplied in a shell command look-up for RPMs associated with access violation reports. An attacker could use this flaw to escalate their privileges on the system by supplying a specially crafted file to the underlying shell command.
• https://www.exploit-db.com/exploits/36564
• http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154427.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154444.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154147.html
• http://rhn.redhat.com/errata/RHSA-2015-0729.html
• http://www.openwall.com/lists/oss-security/2015/03/26/1
• http://www.osvdb.org/119966
• http://www.securityfocus.com/bid/73374
• https://bugzilla.redhat.com/
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2007-5496 – setroubleshoot log injection
https://notcve.org/view.php?id=CVE-2007-5496
Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allows local users to inject arbitrary web script or HTML via a crafted (1) file or (2) process name, which triggers an Access Vector Cache (AVC) log entry in a log file used during composition of HTML documents for sealert.
• http://secunia.com/advisories/30339
• http://securitytracker.com/id?1020078
• http://www.redhat.com/support/errata/RHSA-2008-0061.html
• http://www.securityfocus.com/bid/29324
• https://bugzilla.redhat.com/show_bug.cgi?id=288271
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42592
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10455
• https://access.redhat.com/security/cve/CVE-2007-5496
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-5495 – setroubleshoot insecure logging
https://notcve.org/view.php?id=CVE-2007-5495
sealert in setroubleshoot 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the sealert.log temporary file.
• http://secunia.com/advisories/30339
• http://securitytracker.com/id?1020077
• http://www.redhat.com/support/errata/RHSA-2008-0061.html
• http://www.securityfocus.com/bid/29320
• https://bugzilla.redhat.com/show_bug.cgi?id=288221
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42591
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9705
• https://access.redhat.com/security/cve/CVE-2007-5495
• CWE-59: Improper Link Resolution Before File Access ('Link Following')