Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2015-1815

Published: 30/03/2015 Updated: 13/02/2023
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Selinux

Vulnerability Summary

The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot prior to 3.2.22 allows remote malicious users to execute arbitrary commands via shell metacharacters in a file name.

Vulnerable Product Search on Vulmon Subscribe to Product

selinux setroubleshoot

fedoraproject fedora 22

Vendor Advisories

Red Hat: CVE-2015-1815
It was found that setroubleshoot did not sanitize file names supplied in a shell command look-up for RPMs associated with access violation reports An attacker could use this flaw to escalate their privileges on the system by supplying a specially crafted file to the underlying shell command ...

Exploits

Exploit DB: Fedora 21 setroubleshootd 3.2.22 - Local Privilege Escalation
setroubleshoot tries to find out which rpm a particular file belongs to when it finds SELinux access violation reports The idea is probably to have convenient reports for the admin which type enforcement rules have to be relaxed setroubleshoot runs as root (although in its own domain) In utilpy we have: 266 def get_rpm_nvr_by_file_path_tempor ...

References

CWE-77http://www.openwall.com/lists/oss-security/2015/03/26/1https://github.com/stealth/troubleshooterhttps://bugzilla.redhat.com/show_bug.cgi?id=1206050http://rhn.redhat.com/errata/RHSA-2015-0729.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1203352http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154147.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-April/154444.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-April/154427.htmlhttps://www.exploit-db.com/exploits/36564/http://www.osvdb.org/119966http://www.securityfocus.com/bid/73374https://nvd.nist.govhttps://www.exploit-db.com/exploits/36564/https://access.redhat.com/security/cve/cve-2015-1815
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook