Back to bug 1332644
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-05-03 15:57:24 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2016-05-03 15:57:24 UTC | Doc Type | --- | Bug Fix |
| Adam Mariš | 2016-05-03 15:59:10 UTC | Blocks | 1332645 | |
| Adam Mariš | 2016-05-04 10:49:13 UTC | Depends On | 1332411 | |
| Tomas Hoger | 2016-05-24 10:37:56 UTC | Fixed In Version | setroubleshoot-plugins 3.2.23 | |
| Tomas Hoger | 2016-05-24 10:42:08 UTC | Summary | EMBARGOED setroubleshoot-plugins: execmod and execstack plugins use unsafe commands allowing command execution | EMBARGOED setroubleshoot-plugins: insecure commands.getstatusoutput use in the allow_execmod plugin |
| | | Whiteboard | impact=important,public=no,reported=20160503,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cwe=CWE-77,rhel-5/setroubleshoot-plugins=new,rhel-6/setroubleshoot-plugins=affected,rhel-7/setroubleshoot-plugins=new,fedora-all/setroubleshoot-plugins=affected | impact=important,public=no,reported=20160503,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cwe=CWE-77,rhel-5/setroubleshoot-plugins=notaffected,rhel-6/setroubleshoot-plugins=affected,rhel-7/setroubleshoot-plugins=affected,fedora-all/setroubleshoot-plugins=notaffected |
| Adam Mariš | 2016-05-24 11:54:01 UTC | Summary | EMBARGOED setroubleshoot-plugins: insecure commands.getstatusoutput use in the allow_execmod plugin | EMBARGOED CVE-2016-4444 setroubleshoot-plugins: insecure commands.getstatusoutput use in the allow_execmod plugin |
| | | Alias | CVE-2016-4444 | |
| Tomas Hoger | 2016-05-24 19:57:41 UTC | Doc Text | A shell command injection flaw was found in the way the setroubleshoot allow_execmod plugin executed external commands. A local attacker able to trigger an execmod SELinux denial could use this flaw to execute arbitrary code with root privileges. | |
| Tomas Hoger | 2016-05-24 20:17:52 UTC | Depends On | 1339369 | |
| Tomas Hoger | 2016-05-24 20:18:00 UTC | Depends On | 1339370 | |
| Tomas Hoger | 2016-05-24 20:18:04 UTC | Depends On | 1339372 | |
| Tomas Hoger | 2016-06-14 21:21:42 UTC | Whiteboard | impact=important,public=no,reported=20160503,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cwe=CWE-77,rhel-5/setroubleshoot-plugins=notaffected,rhel-6/setroubleshoot-plugins=affected,rhel-7/setroubleshoot-plugins=affected,fedora-all/setroubleshoot-plugins=notaffected | impact=important,public=20160621,reported=20160503,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cwe=CWE-77,rhel-5/setroubleshoot-plugins=notaffected,rhel-6/setroubleshoot-plugins=affected,rhel-7/setroubleshoot-plugins=affected,fedora-all/setroubleshoot-plugins=notaffected |
| Tomas Hoger | 2016-06-21 11:37:40 UTC | Group | security, qe_staff | |
| | | Summary | EMBARGOED CVE-2016-4444 setroubleshoot-plugins: insecure commands.getstatusoutput use in the allow_execmod plugin | CVE-2016-4444 setroubleshoot-plugins: insecure commands.getstatusoutput use in the allow_execmod plugin |
| Tomas Hoger | 2016-06-23 10:55:52 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2016-06-23 06:55:52 UTC | |
| Product Security DevOps Team | 2019-09-29 13:48:22 UTC | Whiteboard | impact=important,public=20160621,reported=20160503,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cwe=CWE-77,rhel-5/setroubleshoot-plugins=notaffected,rhel-6/setroubleshoot-plugins=affected,rhel-7/setroubleshoot-plugins=affected,fedora-all/setroubleshoot-plugins=notaffected | |