Lucene search
Veracode Vulnerability DatabaseVERACODE:17018HistoryMay 02, 2019 - 5:34 a.m.
Arbitrary Command Execution
2019-05-0205:34:44
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
0.0004 Low
EPSS
Percentile
5.1%
setroubleshoot is vulnerable to arbitrary command execution. The vulnerability exists due to the ability to trigger a SELinux denial through a file name, handled by the _set_tpath function.
References
seclists.org/oss-sec/2016/q2/574
securitytracker.com/id/1036144
access.redhat.com/errata/RHSA-2016:1267
access.redhat.com/errata/RHSA-2016:1293
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1346461
github.com/fedora-selinux/setroubleshoot/commit/dda55aa50db95a25f0d919c3a0d5871827cdc40f
github.com/fedora-selinux/setroubleshoot/commit/e69378d7e82a503534d29c5939fa219341e8f2ad
rhn.redhat.com/errata/RHSA-2016-1267.html
Related
redhatcve
redhatcve
CVE-2016-4989
2016-06-21 11:48:28
prion
prion
Design/Logic Flaw
2017-04-11 18:59:00
cvelist
cvelist
CVE-2016-4989
2017-04-11 18:00:00
nvd
nvd
CVE-2016-4989
2017-04-11 18:59:00
cve
cve
CVE-2016-4989
2017-04-11 18:59:00
osv
osv
CVE-2016-4989
2017-04-11 18:59:00
nessus
nessus
RHEL 7 : setroubleshoot and setroubleshoot-plugins (RHSA-2016:1293)
2016-06-24 00:00:00
Oracle Linux 7 : setroubleshoot / setroubleshoot-plugins (ELSA-2016-1293)
2016-06-24 00:00:00
CentOS 7 : setroubleshoot / setroubleshoot-plugins (CESA-2016:1293)
2016-06-24 00:00:00
openvas
openvas
CentOS Update for setroubleshoot CESA-2016:1293 centos7
2016-06-24 00:00:00
CentOS Update for setroubleshoot-plugins CESA-2016:1293 centos7
2016-06-24 00:00:00
centos
centos
setroubleshoot security update
2016-06-23 23:41:47
setroubleshoot security update
2016-06-21 19:07:23
redhat
redhat
oraclelinux
oraclelinux
setroubleshoot and setroubleshoot-plugins security update
2016-06-23 00:00:00
setroubleshoot and setroubleshoot-plugins security update
2016-06-21 00:00:00
