VYPR

Setroubleshoot

by Selinux

Source repositories

CVEs (6)

  • CVE-2016-4989HigApr 11, 2017
    risk 0.46cvss 7.0epss 0.00

    setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by the _set_tpath function in audit_data.py or via a crafted (2) local_id or (3)…

  • CVE-2016-4446HigApr 11, 2017
    risk 0.46cvss 7.0epss 0.00

    The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function.

  • CVE-2016-4445HigApr 11, 2017
    risk 0.46cvss 7.0epss 0.00

    The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutput function.

  • CVE-2015-1815Mar 30, 2015
    risk 0.04cvss epss 0.16

    The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name.

  • CVE-2007-5495May 23, 2008
    risk 0.00cvss epss 0.00

    sealert in setroubleshoot 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the sealert.log temporary file.

  • CVE-2007-5496May 23, 2008
    risk 0.00cvss epss 0.00

    Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allows local users to inject arbitrary web script or HTML via a crafted (1) file or (2) process name, which triggers an Access Vector Cache (AVC) log entry in a log file used during composition of HTML documents…