CVE-2016-4989

Published: Apr 11, 2017Modified: May 13, 2026

7.0

Vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.0 / Impact: 5.9

Source: NVD

Description

setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by the _set_tpath function in audit_data.py or via a crafted (2) local_id or (3) analysis_id field in a crafted XML document to the run_fix function in SetroubleshootFixit.py, related to the subprocess.check_output and commands.getstatusoutput functions, a different vulnerability than CVE-2016-4445.

Affected (5)

Products: Setroubleshoot Project: Setroubleshoot · Redhat: Enterprise Linux Desktop, Enterprise Linux Hpc Node, Enterprise Linux Server, Enterprise Linux Workstation

Setroubleshoot Project

1 product

4 products

Enterprise Linux Desktop

Enterprise Linux Hpc Node

Enterprise Linux Server

Enterprise Linux Workstation

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Setroubleshoot Project Setroubleshoot	Up to -

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Hpc Node	Version 7.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Workstation	Version 7.0

Related CWEs

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (14)

http://seclists.org/oss-sec/2016/q2/574

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://securitytracker.com/id/1036144

Source: secalert@redhat.com

PatchThird Party Advisory

https://access.redhat.com/errata/RHSA-2016:1293

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1346461

Source: secalert@redhat.com

Issue Tracking

https://github.com/fedora-selinux/setroubleshoot/commit/dda55aa50db95a25f0d919c3a0d5871827cdc40f

Source: secalert@redhat.com

Patch

https://github.com/fedora-selinux/setroubleshoot/commit/e69378d7e82a503534d29c5939fa219341e8f2ad

Source: secalert@redhat.com

Patch

https://rhn.redhat.com/errata/RHSA-2016-1267.html

Source: secalert@redhat.com

Third Party Advisory

http://seclists.org/oss-sec/2016/q2/574

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://securitytracker.com/id/1036144

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://access.redhat.com/errata/RHSA-2016:1293

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1346461

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://github.com/fedora-selinux/setroubleshoot/commit/dda55aa50db95a25f0d919c3a0d5871827cdc40f

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/fedora-selinux/setroubleshoot/commit/e69378d7e82a503534d29c5939fa219341e8f2ad

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://rhn.redhat.com/errata/RHSA-2016-1267.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.