CVE-2016-4445
published 2017-04-11CVE-2016-4445: The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial…
high7CVSS 3.0
AVLACHPRLUINSUCHIHAH
The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutput function.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_hpc_node | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
| setroubleshoot_project | setroubleshoot | <= 3.2.22 | — |
| setroubleshoot_project | setroubleshoot | <= - | — |