CVSS: 10.0EPSS: 22%CPEs: 2EXPL: 5CVE-2015-1815 – Fedora 21 setroubleshootd 3.2.22 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-1815
The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name. La función get_rpm_nvr_by_file_path_temporary en util.py en setroubleshoot anterior a 3.2.22 permite a atacantes remotos ejecutar cpmandos arbitrarios a través de metacaracteres de shell en el nombre de un fichero. It was found that setroubleshoot did not sanitize file names supplied in a shell command look-up for RPMs associated with access violation reports. An attacker could use this flaw to escalate their privileges on the system by supplying a specially crafted file to the underlying shell command. • https://www.exploit-db.com/exploits/36564 http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154427.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154444.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154147.html http://rhn.redhat.com/errata/RHSA-2015-0729.html http://www.openwall.com/lists/oss-security/2015/03/26/1 http://www.osvdb.org/119966 http://www.securityfocus.com/bid/73374 https://bugzilla.redhat.com/ • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2007-5495 – setroubleshoot insecure logging
https://notcve.org/view.php?id=CVE-2007-5495
sealert in setroubleshoot 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the sealert.log temporary file. Vulnerabilidad en sealert in setroubleshoot 2.0.5, permite a los usuarios locales sobrescribir ficheros arbitrarios a través de un ataque mediate enlace simbólico en el fichero temporal sealert.log • http://secunia.com/advisories/30339 http://securitytracker.com/id?1020077 http://www.redhat.com/support/errata/RHSA-2008-0061.html http://www.securityfocus.com/bid/29320 https://bugzilla.redhat.com/show_bug.cgi?id=288221 https://exchange.xforce.ibmcloud.com/vulnerabilities/42591 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9705 https://access.redhat.com/security/cve/CVE-2007-5495 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 1.9EPSS: 0%CPEs: 3EXPL: 0CVE-2007-5496 – setroubleshoot log injection
https://notcve.org/view.php?id=CVE-2007-5496
Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allows local users to inject arbitrary web script or HTML via a crafted (1) file or (2) process name, which triggers an Access Vector Cache (AVC) log entry in a log file used during composition of HTML documents for sealert. Vulnerabilidad de ejecución de código en sitios cruzados en setroubleshoot 2.0.5, permite a usuarios locales inyectar código web oi HTMl a através de (1) un fichero o (2) un nombre de proceso, con disparadores en la entrada del fichero de registro de Access Vector Cache (AVC), durante la creación de documentos HTML para sealert • http://secunia.com/advisories/30339 http://securitytracker.com/id?1020078 http://www.redhat.com/support/errata/RHSA-2008-0061.html http://www.securityfocus.com/bid/29324 https://bugzilla.redhat.com/show_bug.cgi?id=288271 https://exchange.xforce.ibmcloud.com/vulnerabilities/42592 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10455 https://access.redhat.com/security/cve/CVE-2007-5496 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •