The fix_lookup_id function in sealert in setroubleshoot prior to 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutput function.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
setroubleshoot project setroubleshoot |
||
redhat enterprise linux hpc node 7.0 |
||
redhat enterprise linux workstation 7.0 |
||
redhat enterprise linux desktop 7.0 |
||
redhat enterprise linux server 7.0 |