High severity7.0OSV Advisory· Published Apr 11, 2017· Updated Jun 17, 2026
CVE-2016-4445
CVE-2016-4445
Description
The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutput function.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9setroubleshoot-3.2.21, setroubleshoot-3.2.22+ 1 more
- (no CPE)range: setroubleshoot-3.2.21, setroubleshoot-3.2.22
- (no CPE)range: <3.2.23
cpe:2.3:a:setroubleshoot_project:setroubleshoot:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:setroubleshoot_project:setroubleshoot:*:*:*:*:*:*:*:*range: <=3.2.22
- (no CPE)range: <3.2.23
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- Range: <3.2.23
Patches
Vulnerability mechanics
References
6- github.com/fedora-selinux/setroubleshoot/commit/2d12677629ca319310f6263688bb1b7f676c01b7nvdPatch
- seclists.org/oss-sec/2016/q2/575nvdExploitMailing ListPatchThird Party Advisory
- www.securityfocus.com/bid/91430nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1036144nvdThird Party AdvisoryVDB Entry
- rhn.redhat.com/errata/RHSA-2016-1267.htmlnvdThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue Tracking
News mentions
0No linked articles in our index yet.