PT-2017-9220 · Selinux+3 · Policycoreutils+3

Federico Bento

·

Published

2016-11-14

·

Updated

2024-06-15

·

CVE-2016-7545

CVSS v3.1

8.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions policycoreutils (affected versions not specified)
Description The issue allows local users to execute arbitrary commands outside of the sandbox. This is achieved via a crafted TIOCSTI ioctl call.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CESA-2016_2702
CVE-2016-7545
DLA-638-1
OPENSUSE-SU-2024:10759-1
OPENSUSE-SU-2024:11179-1
RHSA-2016:2702
RHSA-2016_2702
RHSA-2017:0535
RHSA-2017:0536
SUSE-SU-2017:0338-1
SUSE-SU-2017:0339-1
SUSE-SU-2017:0340-1
SUSE-SU-2017_0338-1
SUSE-SU-2017_0339-1
SUSE-SU-2017_0340-1

Affected Products

Centos
Red Hat
Suse
Policycoreutils