CVE-2016-4446

Published: Apr 11, 2017Modified: May 13, 2026

7.0

Vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.0 / Impact: 5.9

Source: NVD

Description

The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function.

Affected (5)

Products: Setroubleshoot Project: Setroubleshoot · Redhat: Enterprise Linux Desktop, Enterprise Linux Hpc Node, Enterprise Linux Server, Enterprise Linux Workstation

Setroubleshoot Project

1 product

4 products

Enterprise Linux Desktop

Enterprise Linux Hpc Node

Enterprise Linux Server

Enterprise Linux Workstation

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Setroubleshoot Project Setroubleshoot	Up to -

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Hpc Node	Version 7.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Workstation	Version 7.0

Related CWEs

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (14)

http://seclists.org/oss-sec/2016/q2/575

Source: secalert@redhat.com

ExploitMailing ListPatchThird Party Advisory

http://www.securityfocus.com/bid/91427

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1036144

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2016:1293

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1339250

Source: secalert@redhat.com

Issue Tracking

https://github.com/fedora-selinux/setroubleshoot/commit/eaccf4c0d20a27d3df5ff6de8c9dcc80f6f40718

Source: secalert@redhat.com

Patch

https://rhn.redhat.com/errata/RHSA-2016-1267.html

Source: secalert@redhat.com

Third Party Advisory

http://seclists.org/oss-sec/2016/q2/575

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListPatchThird Party Advisory

http://www.securityfocus.com/bid/91427

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1036144

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2016:1293

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1339250

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://github.com/fedora-selinux/setroubleshoot/commit/eaccf4c0d20a27d3df5ff6de8c9dcc80f6f40718

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://rhn.redhat.com/errata/RHSA-2016-1267.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.