CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 1CVE-2016-4444 – setroubleshoot-plugins: insecure commands.getstatusoutput use in the allow_execmod plugin
https://notcve.org/view.php?id=CVE-2016-4444
22 Jun 2016 — The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function. El complemento allow_execmod para setroubleshoot en versiones anteriores a 3.2.23 permite a los usuarios locales ejecutar comandos arbitrarios al activar una denegación de SELinux de execmod con un nombre de archivo binario manipulado, relacionado con la función commands.getstatusou... • http://seclists.org/oss-sec/2016/q2/575 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 1CVE-2016-4445 – setroubleshoot: insecure use of commands.getstatusoutput in sealert
https://notcve.org/view.php?id=CVE-2016-4445
22 Jun 2016 — The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutput function. La función fix_lookup_id en sealert en setroubleshoot en versiones anteriores a 3.2.23 permite a los usuarios locales ejecutar comandos arbitrarios como root activando una denegación de SELinux con un nombre de archivo manipulado, relacionado c... • http://seclists.org/oss-sec/2016/q2/575 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 1CVE-2016-4446 – setroubleshoot-plugins: insecure commands.getoutput use in the allow_execstack plugin
https://notcve.org/view.php?id=CVE-2016-4446
22 Jun 2016 — The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function. El complemento allow_execstack para setroubleshoot permite a los usuarios locales ejecutar comandos arbitrarios al activar una denegación SELinux de execstack con un nombre de archivo manipulado, relacionado con la función commands.getoutput. A shell command injection flaw was found in the way the setroub... • http://seclists.org/oss-sec/2016/q2/575 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0CVE-2016-4989 – setroubleshoot: command injection issues
https://notcve.org/view.php?id=CVE-2016-4989
22 Jun 2016 — setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by the _set_tpath function in audit_data.py or via a crafted (2) local_id or (3) analysis_id field in a crafted XML document to the run_fix function in SetroubleshootFixit.py, related to the subprocess.check_output and commands.getstatusoutput functions, a different vulnerability than CVE-2016-4445. Setroubleshoot... • http://seclists.org/oss-sec/2016/q2/574 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •