CVE-2016-7545

CWE-284Improper Access Control10 documents7 sources
Severity
8.8HIGH
EPSS
0.1%
top 78.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Fedoraproject FedoraRedhat Enterprise Linux DesktopRedhat Enterprise Linux HPC Node+3 more
Timeline
PublishedJan 19
Latest updateMay 14

Description

SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages5 packages

Debianpolicycoreutils< 2.5-3+3

Also affects: Enterprise Linux 7.3, Fedora 25

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-38gv-g72v-rp63: SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call2022-05-14
OSV
CVE-2016-7545: SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call2017-01-19
CVEList
CVE-2016-7545: SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call2017-01-19

📋Vendor Advisories

2
Red Hat
policycoreutils: SELinux sandbox escape via TIOCSTI ioctl2016-09-22
Debian
CVE-2016-7545: policycoreutils - SELinux policycoreutils allows local users to execute arbitrary commands outside...2016

💬Community

4
Bugzilla
CVE-2016-7545 policycoreutils: SELinux sandbox escape via TIOCSTI ioctl [fedora-all]2016-09-23
Bugzilla
CVE-2016-7545 policycoreutils: SELinux sandbox escape via TIOCSTI ioctl2016-09-22
Bugzilla
CVE-2016-3105 mercurial: arbitrary code execution when converting git repos2016-05-04
Bugzilla
CVE-2016-3068 mercurial: command injection via git subrepository urls2016-03-21
CVE-2016-7545 (HIGH CVSS 8.8) | SELinux policycoreutils allows loca | cvebase.io