PT-2017-9220 · Selinux+3 · Policycoreutils+3

Federico Bento

·

Publicado

2016-11-14

·

Atualizado

2024-06-15

·

CVE-2016-7545

CVSS v3.1

8.8

Alta

VetorAV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions policycoreutils (affected versions not specified)
Description The issue allows local users to execute arbitrary commands outside of the sandbox. This is achieved via a crafted TIOCSTI ioctl call.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

CESA-2016_2702
CVE-2016-7545
DLA-638-1
OPENSUSE-SU-2024:10759-1
OPENSUSE-SU-2024:11179-1
RHSA-2016:2702
RHSA-2016_2702
RHSA-2017:0535
RHSA-2017:0536
SUSE-SU-2017:0338-1
SUSE-SU-2017:0339-1
SUSE-SU-2017:0340-1
SUSE-SU-2017_0338-1
SUSE-SU-2017_0339-1
SUSE-SU-2017_0340-1

Produtos afetados

Centos
Red Hat
Suse
Policycoreutils