It was found that setroubleshoot did not sanitize file names supplied in a shell command look-up for RPMs associated with access violation reports. An attacker could use this flaw to escalate their privileges on the system by supplying a specially crafted file to the underlying shell command.
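An added example, not code from setroubleshoot or from this advisory: the class of flaw described above, shown as a shell string built around a file name, beside a hardened look-up that passes the name as a single argv element with no shell involved. The `rpm -qf '%s'` string form, the function names and the sample file name are assumptions made for illustration.

```python
import os
import shlex
import subprocess

# Constructed sample: a file name carrying shell metacharacters.
# The embedded command is a harmless marker.
CRAFTED = "/tmp/report'; echo MARKER; '"


def unsafe_command(path):
    """Flawed pattern (assumed form): name pasted into a shell string."""
    return "rpm -qf '%s'" % path


def shell_commands(cmdline):
    """Tokenise like a POSIX shell; return one argv list per command."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands, current = [], []
    for token in lexer:
        if token and set(token) <= set(";&|"):   # command separator
            commands.append(current)
            current = []
        else:
            current.append(token)
    commands.append(current)
    return [c for c in commands if any(c)]


def safe_argv(path):
    """Hardened form: validate, then build an argv list (no shell)."""
    if not os.path.isabs(path) or "\0" in path:
        raise ValueError("expected an absolute path without NUL bytes")
    return ["rpm", "-qf", path]


def owning_package(path):
    """Run the look-up without a shell; the name is a single argument."""
    result = subprocess.run(safe_argv(path), capture_output=True,
                            text=True, check=False)
    return result.returncode, result.stdout.strip()


if __name__ == "__main__":
    print(shell_commands(unsafe_command(CRAFTED)))  # two commands
    print(safe_argv(CRAFTED))                       # one command, one name
```

`shell_commands` only parses the string and never executes it, so the comparison can be run on a machine without `rpm` installed; `owning_package` is the part that would replace the shell call.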
Find out more about CVE-2015-1815 from the MITRE CVE dictionary and NIST NVD.
Base Score | 6.8 |
---|---|
Base Metrics | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Access Vector | Network |
Access Complexity | Medium |
Authentication | None |
Confidentiality Impact | Partial |
Integrity Impact | Partial |
Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Platform | Errata | Release Date |
---|---|---|
Red Hat Enterprise Linux 6 (setroubleshoot) | RHSA-2015:0729 | 2015-03-26 |
Red Hat Enterprise Linux 5 (setroubleshoot) | RHSA-2015:0729 | 2015-03-26 |
Red Hat Enterprise Linux 7 (setroubleshoot) | RHSA-2015:0729 | 2015-03-26 |