CVE-2016-4989

Published: 11/04/2017 Updated: 17/04/2017
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
VMScore: 614
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by the _set_tpath function in audit_data.py or via a crafted (2) local_id or (3) analysis_id field in a crafted XML document to the run_fix function in SetroubleshootFixit.py, related to the subprocess.check_output and commands.getstatusoutput functions, a different vulnerability than CVE-2016-4445.
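The bug class named in the summary, as an added illustration that is not setroubleshoot's own code: a file name interpolated into a shell command string, next to two forms that keep it as data. The helper names, the `basename` command and the sample path are assumptions made for the example; `subprocess.getstatusoutput` stands in for Python 2's `commands.getstatusoutput`.

```python
import shlex
import subprocess

# Constructed sample: a file name containing a shell metacharacter, standing in
# for a path taken from an SELinux denial record (hypothetical value).
CRAFTED_PATH = "/tmp/a.txt; echo INJECTED"


def unsafe_basename(path):
    """Vulnerable pattern: the path is pasted into a string that /bin/sh parses."""
    return subprocess.check_output("basename %s" % path, shell=True, text=True)


def safe_basename(path):
    """Hardened: argv list, no shell; '--' stops option parsing of the path."""
    out = subprocess.check_output(["basename", "--", path], text=True)
    return out.rstrip("\n")


def quoted_shell_basename(path):
    """getstatusoutput always uses a shell, so the argument must be quoted."""
    return subprocess.getstatusoutput("basename -- " + shlex.quote(path))


if __name__ == "__main__":
    # The shell splits on ';' and runs the second command as well.
    print("unsafe:", unsafe_basename(CRAFTED_PATH).splitlines())
    # Both hardened forms treat the whole string as one file name.
    print("argv  :", safe_basename(CRAFTED_PATH))
    print("quoted:", quoted_shell_basename(CRAFTED_PATH))
```

The same rule applies to the local_id and analysis_id fields: values parsed from an XML document should reach a subprocess only as separate argv elements, never through string formatting into a shell command.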

Vulnerable Product

setroubleshoot project setroubleshoot

redhat enterprise linux workstation 7.0

redhat enterprise linux hpc node 7.0

redhat enterprise linux desktop 7.0

redhat enterprise linux server 7.0

Vendor Advisories

Shell command injection flaws were found in the way the setroubleshoot executed external commands. A local attacker able to trigger certain SELinux denials could use these flaws to execute arbitrary code with root privileges ...