Page 6 of 160 results (0.007 seconds)

CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 1

The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function. El complemento allow_execstack para setroubleshoot permite a los usuarios locales ejecutar comandos arbitrarios al activar una denegación SELinux de execstack con un nombre de archivo manipulado, relacionado con la función commands.getoutput. A shell command injection flaw was found in the way the setroubleshoot allow_execstack plugin executed external commands. A local attacker able to trigger an execstack SELinux denial could use this flaw to execute arbitrary code with root privileges. • http://seclists.org/oss-sec/2016/q2/575 http://www.securityfocus.com/bid/91427 http://www.securitytracker.com/id/1036144 https://access.redhat.com/errata/RHSA-2016:1293 https://bugzilla.redhat.com/show_bug.cgi?id=1339250 https://github.com/fedora-selinux/setroubleshoot/commit/eaccf4c0d20a27d3df5ff6de8c9dcc80f6f40718 https://rhn.redhat.com/errata/RHSA-2016-1267.html https://access.redhat.com/security/cve/CVE-2016-4446 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0

setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by the _set_tpath function in audit_data.py or via a crafted (2) local_id or (3) analysis_id field in a crafted XML document to the run_fix function in SetroubleshootFixit.py, related to the subprocess.check_output and commands.getstatusoutput functions, a different vulnerability than CVE-2016-4445. Setroubleshoot permite a los usuarios locales evitar un mecanismo de protección de contenedor previsto y ejecutar comandos arbitrarios al activar una denegación de SELinux con un nombre de archivo manipulado, que es manejado por la función _set_tpath en audit_data.py oa través de un (2) local_id o ( 3) campo analysis_id en un documento XML manipulado a la función run_fix en SetroubleshootFixit.py, relacionado con las funciones subprocess.check_output y commands.getstatusoutput, una vulnerabilidad diferente de CVE-2016-4445. Shell command injection flaws were found in the way the setroubleshoot executed external commands. A local attacker able to trigger certain SELinux denials could use these flaws to execute arbitrary code with root privileges. • http://seclists.org/oss-sec/2016/q2/574 http://securitytracker.com/id/1036144 https://access.redhat.com/errata/RHSA-2016:1293 https://bugzilla.redhat.com/show_bug.cgi?id=1346461 https://github.com/fedora-selinux/setroubleshoot/commit/dda55aa50db95a25f0d919c3a0d5871827cdc40f https://github.com/fedora-selinux/setroubleshoot/commit/e69378d7e82a503534d29c5939fa219341e8f2ad https://rhn.redhat.com/errata/RHSA-2016-1267.html https://access.redhat.com/security/cve/CVE-2016-4989 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 1

The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function. El complemento allow_execmod para setroubleshoot en versiones anteriores a 3.2.23 permite a los usuarios locales ejecutar comandos arbitrarios al activar una denegación de SELinux de execmod con un nombre de archivo binario manipulado, relacionado con la función commands.getstatusoutput. A shell command injection flaw was found in the way the setroubleshoot allow_execmod plugin executed external commands. A local attacker able to trigger an execmod SELinux denial could use this flaw to execute arbitrary code with root privileges. • http://seclists.org/oss-sec/2016/q2/575 http://www.securityfocus.com/bid/91476 http://www.securitytracker.com/id/1036144 https://access.redhat.com/errata/RHSA-2016:1293 https://bugzilla.redhat.com/show_bug.cgi?id=1332644 https://github.com/fedora-selinux/setroubleshoot/commit/5cd60033ea7f5bdf8c19c27b23ea2d773d9b09f5 https://rhn.redhat.com/errata/RHSA-2016-1267.html https://access.redhat.com/security/cve/CVE-2016-4444 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 7.1EPSS: 0%CPEs: 19EXPL: 0

SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261. SPICE permite a usuarios invitados locales del sistema operativo leer de o escribir a localizaciones de memoria de acogidas arbitrarias a través de parámetros de superficie primaria manipulados, un problema similar a CVE-2015-5261. A memory access flaw was found in the way spice handled certain guests using crafted primary surface parameters. A user in a guest could use this flaw to read from and write to arbitrary memory locations on the host. • http://lists.opensuse.org/opensuse-updates/2016-07/msg00003.html http://lists.opensuse.org/opensuse-updates/2016-07/msg00004.html http://www.debian.org/security/2016/dsa-3596 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.ubuntu.com/usn/USN-3014-1 https://access.redhat.com/errata/RHSA-2016:1204 https://access.redhat.com/errata/RHSA-2016:1205 https://bugzilla.redhat.com/show_bug.cgi?id=1313496 https://security.gentoo.org/glsa/201606& • CWE-284: Improper Access Control •

CVSS: 10.0EPSS: 3%CPEs: 19EXPL: 0

The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow. La interacción smartcard en SPICE permite a atacantes remotos provocar un denegación de servicio (caída del proceso QEMU-KVM) o ejecutar, posiblemente, un código arbitrario a través de véctores relacionados con conectarse con un invitado VM, lo que ejecuta un desbordamiento de bufer basado en memoria dinámica. A memory allocation flaw, leading to a heap-based buffer overflow, was found in spice's smartcard interaction, which runs under the QEMU-KVM context on the host. A user connecting to a guest VM using spice could potentially use this flaw to crash the QEMU-KVM process or execute arbitrary code with the privileges of the host's QEMU-KVM process. • http://lists.opensuse.org/opensuse-updates/2016-07/msg00003.html http://lists.opensuse.org/opensuse-updates/2016-07/msg00004.html http://www.debian.org/security/2016/dsa-3596 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.ubuntu.com/usn/USN-3014-1 https://access.redhat.com/errata/RHSA-2016:1204 https://access.redhat.com/errata/RHSA-2016:1205 https://security.gentoo.org/glsa/201606-05 https://access.redhat.com/security/cve/CVE-2016 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •