[email protected]CVE-2015-1815

HistoryMar 30, 2015 - 2:59 p.m.

CVE-2015-1815

2015-03-3014:59:03

CWE-77

[email protected]

web.nvd.nist.gov

nvd

cve-2015-1815

setroubleshoot

security vulnerability

remote code execution

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

Low

0.228 Low

EPSS

Percentile

96.6%

JSON

The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name.

Affected configurations

NVD

Node

selinuxsetroubleshootRange≤3.2.21

Node

fedoraprojectfedoraMatch22

CPENameOperatorVersion
selinux:setroubleshootselinux setroubleshootle3.2.21

CPE	Name	Operator	Version
selinux:setroubleshoot	selinux setroubleshoot	le	3.2.21

References

lists.fedoraproject.org/pipermail/package-announce/2015-April/154427.html

lists.fedoraproject.org/pipermail/package-announce/2015-April/154444.html

lists.fedoraproject.org/pipermail/package-announce/2015-March/154147.html

rhn.redhat.com/errata/RHSA-2015-0729.html

www.openwall.com/lists/oss-security/2015/03/26/1

www.osvdb.org/119966

www.securityfocus.com/bid/73374

bugzilla.redhat.com/show_bug.cgi?id=1203352

bugzilla.redhat.com/show_bug.cgi?id=1206050

github.com/stealth/troubleshooter

www.exploit-db.com/exploits/36564/

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

Low

0.228 Low

EPSS

Percentile

96.6%

JSON

Related for CVE-2015-1815

cvelist1 openvas8 centos1 fedora3 ubuntucve1 veracode1 prion1 nessus7 oraclelinux1 f52 redhat1 nvd1