Security-enhanced Linux is a feature of the Linux=EF=BF=BD=EF=BF=BD kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve the security of the Flask operating system. These architectural components provide general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement=EF=BF=BD=EF=BF=BD, Role-based Acc ess Control, and Multi-level Security. libselinux provides an API for SELinux applications to get and set process and file security contexts and to obtain security policy decisions. Required for any applications that use the SELinux API.
{"id": "FEDORA:3F9E9608EE40", "vendorId": null, "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 25 Update: libselinux-2.5-12.fc25", "description": "Security-enhanced Linux is a feature of the Linux=EF=BF=BD=EF=BF=BD kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve the security of the Flask operating system. These architectural components provide general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement=EF=BF=BD=EF=BF=BD, Role-based Acc ess Control, and Multi-level Security. libselinux provides an API for SELinux applications to get and set process and file security contexts and to obtain security policy decisions. Required for any applications that use the SELinux API. ", "published": "2016-10-10T18:06:51", "modified": "2016-10-10T18:06:51", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.0, "impactScore": 6.0}, "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OKN7AFZFPXKRYFUHD67AGQT5JP5GREBF/", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2016-7545"], "immutableFields": [], "lastseen": "2020-12-21T08:17:53", "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2016-765"]}, {"type": "centos", "idList": ["CESA-2016:2702"]}, {"type": "cve", "idList": ["CVE-2016-7545"]}, {"type": "debian", "idList": ["DEBIAN:DLA-638-1:55A32"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-7545"]}, {"type": "f5", "idList": ["F5:K53411527"]}, {"type": "fedora", "idList": ["FEDORA:10B49608B7EB", "FEDORA:1B50B608EC12", "FEDORA:273E0608EC33", "FEDORA:31859608EC38", "FEDORA:4EAA8608EE4B"]}, {"type": "ibm", "idList": ["233226C0332001C81596C237819F64BB35F4B49297346F216B4DC90C72D26485", "7E43219682AAA97E33DA50421D1BF6893CF53EA7F4D7F218F5494A31DF1739F6", "A9C254F86614D2334E5A1624EEBD7497A5FA74BEC3159FA2530927B6C4A89585"]}, {"type": "nessus", "idList": ["ALA_ALAS-2016-765.NASL", "CENTOS_RHSA-2016-2702.NASL", "DEBIAN_DLA-638.NASL", "EULEROS_SA-2016-1083.NASL", "FEDORA_2016-B7E8E980EF.NASL", "ORACLELINUX_ELSA-2016-2702.NASL", "ORACLEVM_OVMSA-2016-0157.NASL", "REDHAT-RHSA-2016-2702.NASL", "REDHAT-RHSA-2017-0535.NASL", "REDHAT-RHSA-2017-0536.NASL", "SL_20161114_POLICYCOREUTILS_ON_SL6_X.NASL", "SUSE_SU-2017-0338-1.NASL", "SUSE_SU-2017-0339-1.NASL", "SUSE_SU-2017-0340-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310871715", "OPENVAS:1361412562310871970", "OPENVAS:1361412562310871986", "OPENVAS:1361412562310871999", "OPENVAS:1361412562310872007", "OPENVAS:1361412562310872024", "OPENVAS:1361412562310872051", "OPENVAS:1361412562310882599", "OPENVAS:1361412562311220161083"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-2702"]}, {"type": "redhat", "idList": ["RHSA-2016:2702", "RHSA-2017:0535", "RHSA-2017:0536"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-7545"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-7545"]}], "rev": 4}, "score": {"value": 5.7, "vector": "NONE"}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2016:2702"]}, {"type": "debian", "idList": ["DEBIAN:DLA-638-1:55A32"]}, {"type": "fedora", "idList": ["FEDORA:273E0608EC33"]}, {"type": "ibm", "idList": ["A9C254F86614D2334E5A1624EEBD7497A5FA74BEC3159FA2530927B6C4A89585"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2016-2702.NASL", "DEBIAN_DLA-638.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310871986"]}, {"type": "redhat", "idList": ["RHSA-2016:2702"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-7545"]}]}, "exploitation": null, "vulnersScore": 5.7}, "_state": {"dependencies": 0}, "_internal": {}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "25", "arch": "any", "packageName": "libselinux", "packageVersion": "2.5", "packageFilename": "UNKNOWN", "operator": "lt"}]}
{"nessus": [{"lastseen": "2021-08-19T12:38:04", "description": "This update for policycoreutils fixes the following issues :\n\n - CVE-2016-7545: nonpriv session can escape to parent [bsc#1000998]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-02-01T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : policycoreutils (SUSE-SU-2017:0340-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7545"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:policycoreutils", "p-cpe:/a:novell:suse_linux:policycoreutils-debuginfo", "p-cpe:/a:novell:suse_linux:policycoreutils-debugsource", "p-cpe:/a:novell:suse_linux:policycoreutils-python", "p-cpe:/a:novell:suse_linux:policycoreutils-python-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-0340-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96925", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0340-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96925);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-7545\");\n\n script_name(english:\"SUSE SLES12 Security Update : policycoreutils (SUSE-SU-2017:0340-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for policycoreutils fixes the following issues :\n\n - CVE-2016-7545: nonpriv session can escape to parent\n [bsc#1000998]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7545/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170340-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?410d1872\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2017-173=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:policycoreutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:policycoreutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:policycoreutils-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:policycoreutils-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:policycoreutils-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"policycoreutils-2.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"policycoreutils-debuginfo-2.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"policycoreutils-debugsource-2.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"policycoreutils-python-2.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"policycoreutils-python-debuginfo-2.3-3.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"policycoreutils\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:51", "description": "An update for policycoreutils is now available for Red Hat Enterprise Linux 7.1 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe policycoreutils packages contain the core policy utilities required to manage a SELinux environment.\n\nSecurity Fix(es) :\n\n* It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox. (CVE-2016-7545)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-03-16T00:00:00", "type": "nessus", "title": "RHEL 7 : policycoreutils (RHSA-2017:0536)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7545"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:policycoreutils", "p-cpe:/a:redhat:enterprise_linux:policycoreutils-debuginfo", "p-cpe:/a:redhat:enterprise_linux:policycoreutils-devel", "p-cpe:/a:redhat:enterprise_linux:policycoreutils-gui", "p-cpe:/a:redhat:enterprise_linux:policycoreutils-newrole", "p-cpe:/a:redhat:enterprise_linux:policycoreutils-python", "p-cpe:/a:redhat:enterprise_linux:policycoreutils-restorecond", "p-cpe:/a:redhat:enterprise_linux:policycoreutils-sandbox", "cpe:/o:redhat:enterprise_linux:7.1"], "id": "REDHAT-RHSA-2017-0536.NASL", "href": "https://www.tenable.com/plugins/nessus/97769", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0536. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97769);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2016-7545\");\n script_xref(name:\"RHSA\", value:\"2017:0536\");\n\n script_name(english:\"RHEL 7 : policycoreutils (RHSA-2017:0536)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for policycoreutils is now available for Red Hat Enterprise\nLinux 7.1 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe policycoreutils packages contain the core policy utilities\nrequired to manage a SELinux environment.\n\nSecurity Fix(es) :\n\n* It was found that the sandbox tool provided in policycoreutils was\nvulnerable to a TIOCSTI ioctl attack. A specially crafted program\nexecuted via the sandbox command could use this flaw to execute\narbitrary commands in the context of the parent shell, escaping the\nsandbox. (CVE-2016-7545)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:0536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-7545\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils-newrole\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils-restorecond\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils-sandbox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:0536\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"policycoreutils-2.2.5-16.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"policycoreutils-2.2.5-16.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"policycoreutils-debuginfo-2.2.5-16.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", reference:\"policycoreutils-devel-2.2.5-16.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"policycoreutils-gui-2.2.5-16.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"policycoreutils-gui-2.2.5-16.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"policycoreutils-newrole-2.2.5-16.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"policycoreutils-newrole-2.2.5-16.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"policycoreutils-python-2.2.5-16.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"policycoreutils-python-2.2.5-16.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"policycoreutils-restorecond-2.2.5-16.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"policycoreutils-restorecond-2.2.5-16.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"s390x\", reference:\"policycoreutils-sandbox-2.2.5-16.el7_1\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"1\", cpu:\"x86_64\", reference:\"policycoreutils-sandbox-2.2.5-16.el7_1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"policycoreutils / policycoreutils-debuginfo / policycoreutils-devel / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:09", "description": "According to the version of the policycoreutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox. (CVE-2016-7545)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-05-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : policycoreutils (EulerOS-SA-2016-1083)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7545"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:policycoreutils", "p-cpe:/a:huawei:euleros:policycoreutils-devel", "p-cpe:/a:huawei:euleros:policycoreutils-gui", "p-cpe:/a:huawei:euleros:policycoreutils-newrole", "p-cpe:/a:huawei:euleros:policycoreutils-python", "p-cpe:/a:huawei:euleros:policycoreutils-sandbox", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2016-1083.NASL", "href": "https://www.tenable.com/plugins/nessus/99842", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99842);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-7545\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : policycoreutils (EulerOS-SA-2016-1083)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the policycoreutils packages installed,\nthe EulerOS installation on the remote host is affected by the\nfollowing vulnerability :\n\n - It was found that the sandbox tool provided in\n policycoreutils was vulnerable to a TIOCSTI ioctl\n attack. A specially crafted program executed via the\n sandbox command could use this flaw to execute\n arbitrary commands in the context of the parent shell,\n escaping the sandbox. (CVE-2016-7545)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1083\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?351f8987\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected policycoreutils package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:policycoreutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:policycoreutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:policycoreutils-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:policycoreutils-newrole\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:policycoreutils-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:policycoreutils-sandbox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"policycoreutils-2.2.5-15.h1\",\n \"policycoreutils-devel-2.2.5-15.h1\",\n \"policycoreutils-gui-2.2.5-15.h1\",\n \"policycoreutils-newrole-2.2.5-15.h1\",\n \"policycoreutils-python-2.2.5-15.h1\",\n \"policycoreutils-sandbox-2.2.5-15.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"policycoreutils\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:39:18", "description": "From Red Hat Security Advisory 2016:2702 :\n\nAn update for policycoreutils is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe policycoreutils packages contain the core policy utilities required to manage a SELinux environment.\n\nSecurity Fix(es) :\n\n* It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox. (CVE-2016-7545)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2016-11-15T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : policycoreutils (ELSA-2016-2702)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7545"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:policycoreutils", "p-cpe:/a:oracle:linux:policycoreutils-devel", "p-cpe:/a:oracle:linux:policycoreutils-gui", "p-cpe:/a:oracle:linux:policycoreutils-newrole", "p-cpe:/a:oracle:linux:policycoreutils-python", "p-cpe:/a:oracle:linux:policycoreutils-restorecond", "p-cpe:/a:oracle:linux:policycoreutils-sandbox", "cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2016-2702.NASL", "href": "https://www.tenable.com/plugins/nessus/94895", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:2702 and \n# Oracle Linux Security Advisory ELSA-2016-2702 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94895);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-7545\");\n script_xref(name:\"RHSA\", value:\"2016:2702\");\n\n script_name(english:\"Oracle Linux 6 / 7 : policycoreutils (ELSA-2016-2702)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:2702 :\n\nAn update for policycoreutils is now available for Red Hat Enterprise\nLinux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe policycoreutils packages contain the core policy utilities\nrequired to manage a SELinux environment.\n\nSecurity Fix(es) :\n\n* It was found that the sandbox tool provided in policycoreutils was\nvulnerable to a TIOCSTI ioctl attack. A specially crafted program\nexecuted via the sandbox command could use this flaw to execute\narbitrary commands in the context of the parent shell, escaping the\nsandbox. (CVE-2016-7545)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-November/006507.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-November/006508.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected policycoreutils packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:policycoreutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:policycoreutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:policycoreutils-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:policycoreutils-newrole\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:policycoreutils-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:policycoreutils-restorecond\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:policycoreutils-sandbox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"policycoreutils-2.0.83-30.1.0.1.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"policycoreutils-gui-2.0.83-30.1.0.1.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"policycoreutils-newrole-2.0.83-30.1.0.1.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"policycoreutils-python-2.0.83-30.1.0.1.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"policycoreutils-sandbox-2.0.83-30.1.0.1.el6_8\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"policycoreutils-2.5-9.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"policycoreutils-devel-2.5-9.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"policycoreutils-gui-2.5-9.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"policycoreutils-newrole-2.5-9.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"policycoreutils-python-2.5-9.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"policycoreutils-restorecond-2.5-9.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"policycoreutils-sandbox-2.5-9.0.1.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"policycoreutils / policycoreutils-devel / policycoreutils-gui / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:39:18", "description": "An update for policycoreutils is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe policycoreutils packages contain the core policy utilities required to manage a SELinux environment.\n\nSecurity Fix(es) :\n\n* It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox. (CVE-2016-7545)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2016-11-15T00:00:00", "type": "nessus", "title": "RHEL 6 / 7 : policycoreutils (RHSA-2016:2702)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7545"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:policycoreutils", "p-cpe:/a:redhat:enterprise_linux:policycoreutils-debuginfo", "p-cpe:/a:redhat:enterprise_linux:policycoreutils-devel", "p-cpe:/a:redhat:enterprise_linux:policycoreutils-gui", "p-cpe:/a:redhat:enterprise_linux:policycoreutils-newrole", "p-cpe:/a:redhat:enterprise_linux:policycoreutils-python", "p-cpe:/a:redhat:enterprise_linux:policycoreutils-restorecond", "p-cpe:/a:redhat:enterprise_linux:policycoreutils-sandbox", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2016-2702.NASL", "href": "https://www.tenable.com/plugins/nessus/94896", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2702. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94896);\n script_version(\"2.12\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2016-7545\");\n script_xref(name:\"RHSA\", value:\"2016:2702\");\n\n script_name(english:\"RHEL 6 / 7 : policycoreutils (RHSA-2016:2702)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for policycoreutils is now available for Red Hat Enterprise\nLinux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe policycoreutils packages contain the core policy utilities\nrequired to manage a SELinux environment.\n\nSecurity Fix(es) :\n\n* It was found that the sandbox tool provided in policycoreutils was\nvulnerable to a TIOCSTI ioctl attack. A specially crafted program\nexecuted via the sandbox command could use this flaw to execute\narbitrary commands in the context of the parent shell, escaping the\nsandbox. (CVE-2016-7545)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:2702\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-7545\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils-newrole\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils-restorecond\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils-sandbox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:2702\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"policycoreutils-2.0.83-30.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"policycoreutils-2.0.83-30.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"policycoreutils-2.0.83-30.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"policycoreutils-debuginfo-2.0.83-30.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"policycoreutils-debuginfo-2.0.83-30.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"policycoreutils-debuginfo-2.0.83-30.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"policycoreutils-gui-2.0.83-30.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"policycoreutils-gui-2.0.83-30.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"policycoreutils-gui-2.0.83-30.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"policycoreutils-newrole-2.0.83-30.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"policycoreutils-newrole-2.0.83-30.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"policycoreutils-newrole-2.0.83-30.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"policycoreutils-python-2.0.83-30.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"policycoreutils-python-2.0.83-30.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"policycoreutils-python-2.0.83-30.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"policycoreutils-sandbox-2.0.83-30.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"policycoreutils-sandbox-2.0.83-30.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"policycoreutils-sandbox-2.0.83-30.1.el6_8\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"policycoreutils-2.5-9.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"policycoreutils-2.5-9.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"policycoreutils-debuginfo-2.5-9.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"policycoreutils-devel-2.5-9.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"policycoreutils-gui-2.5-9.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"policycoreutils-gui-2.5-9.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"policycoreutils-newrole-2.5-9.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"policycoreutils-newrole-2.5-9.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"policycoreutils-python-2.5-9.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"policycoreutils-python-2.5-9.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"policycoreutils-restorecond-2.5-9.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"policycoreutils-restorecond-2.5-9.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"policycoreutils-sandbox-2.5-9.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"policycoreutils-sandbox-2.5-9.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"policycoreutils / policycoreutils-debuginfo / policycoreutils-devel / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:38:56", "description": "An update for policycoreutils is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe policycoreutils packages contain the core policy utilities required to manage a SELinux environment.\n\nSecurity Fix(es) :\n\n* It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox. (CVE-2016-7545)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2016-11-21T00:00:00", "type": "nessus", "title": "CentOS 6 / 7 : policycoreutils (CESA-2016:2702)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7545"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:policycoreutils", "p-cpe:/a:centos:centos:policycoreutils-devel", "p-cpe:/a:centos:centos:policycoreutils-gui", "p-cpe:/a:centos:centos:policycoreutils-newrole", "p-cpe:/a:centos:centos:policycoreutils-python", "p-cpe:/a:centos:centos:policycoreutils-restorecond", "p-cpe:/a:centos:centos:policycoreutils-sandbox", "cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2016-2702.NASL", "href": "https://www.tenable.com/plugins/nessus/94978", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2702 and \n# CentOS Errata and Security Advisory 2016:2702 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94978);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-7545\");\n script_xref(name:\"RHSA\", value:\"2016:2702\");\n\n script_name(english:\"CentOS 6 / 7 : policycoreutils (CESA-2016:2702)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for policycoreutils is now available for Red Hat Enterprise\nLinux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe policycoreutils packages contain the core policy utilities\nrequired to manage a SELinux environment.\n\nSecurity Fix(es) :\n\n* It was found that the sandbox tool provided in policycoreutils was\nvulnerable to a TIOCSTI ioctl attack. A specially crafted program\nexecuted via the sandbox command could use this flaw to execute\narbitrary commands in the context of the parent shell, escaping the\nsandbox. (CVE-2016-7545)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-November/022147.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1d16654a\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2016-November/003686.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?abaedde6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected policycoreutils packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-7545\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:policycoreutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:policycoreutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:policycoreutils-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:policycoreutils-newrole\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:policycoreutils-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:policycoreutils-restorecond\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:policycoreutils-sandbox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"policycoreutils-2.0.83-30.1.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"policycoreutils-gui-2.0.83-30.1.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"policycoreutils-newrole-2.0.83-30.1.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"policycoreutils-python-2.0.83-30.1.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"policycoreutils-sandbox-2.0.83-30.1.el6_8\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"policycoreutils-2.5-9.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"policycoreutils-devel-2.5-9.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"policycoreutils-gui-2.5-9.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"policycoreutils-newrole-2.5-9.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"policycoreutils-python-2.5-9.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"policycoreutils-restorecond-2.5-9.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"policycoreutils-sandbox-2.5-9.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"policycoreutils / policycoreutils-devel / policycoreutils-gui / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:38:07", "description": "This update for policycoreutils fixes the following issues :\n\n - CVE-2016-7545: nonpriv session can escape to parent [bsc#1000998]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-02-01T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : policycoreutils (SUSE-SU-2017:0338-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7545"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:policycoreutils", "p-cpe:/a:novell:suse_linux:policycoreutils-debuginfo", "p-cpe:/a:novell:suse_linux:policycoreutils-debugsource", "p-cpe:/a:novell:suse_linux:policycoreutils-python", "p-cpe:/a:novell:suse_linux:policycoreutils-python-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-0338-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96923", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0338-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96923);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-7545\");\n\n script_name(english:\"SUSE SLES12 Security Update : policycoreutils (SUSE-SU-2017:0338-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for policycoreutils fixes the following issues :\n\n - CVE-2016-7545: nonpriv session can escape to parent\n [bsc#1000998]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7545/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170338-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ee0a1ad6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-172=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-172=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:policycoreutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:policycoreutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:policycoreutils-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:policycoreutils-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:policycoreutils-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"policycoreutils-2.5-6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"policycoreutils-debuginfo-2.5-6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"policycoreutils-debugsource-2.5-6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"policycoreutils-python-2.5-6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"policycoreutils-python-debuginfo-2.5-6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"policycoreutils\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:38:15", "description": "This update for policycoreutils fixes the following issues :\n\n - CVE-2016-7545: nonpriv session can escape to parent [bsc#1000998]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-02-01T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : policycoreutils (SUSE-SU-2017:0339-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7545"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:policycoreutils", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2017-0339-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96924", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0339-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96924);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-7545\");\n\n script_name(english:\"SUSE SLES11 Security Update : policycoreutils (SUSE-SU-2017:0339-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for policycoreutils fixes the following issues :\n\n - CVE-2016-7545: nonpriv session can escape to parent\n [bsc#1000998]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7545/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170339-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ce367dae\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-policycoreutils-12963=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-policycoreutils-12963=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:policycoreutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"policycoreutils-2.0.79-4.8.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"policycoreutils\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-16T01:18:59", "description": "It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent bash, escaping the sandbox.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2016-11-11T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : policycoreutils (ALAS-2016-765)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7545"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:policycoreutils", "p-cpe:/a:amazon:linux:policycoreutils-debuginfo", "p-cpe:/a:amazon:linux:policycoreutils-newrole", "p-cpe:/a:amazon:linux:policycoreutils-python", "p-cpe:/a:amazon:linux:policycoreutils-restorecond", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-765.NASL", "href": "https://www.tenable.com/plugins/nessus/94685", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-765.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94685);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2016-7545\");\n script_xref(name:\"ALAS\", value:\"2016-765\");\n\n script_name(english:\"Amazon Linux AMI : policycoreutils (ALAS-2016-765)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that the sandbox tool provided in policycoreutils was\nvulnerable to a TIOCSTI ioctl attack. A specially crafted program\nexecuted via the sandbox command could use this flaw to execute\narbitrary commands in the context of the parent bash, escaping the\nsandbox.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-765.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update policycoreutils' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:policycoreutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:policycoreutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:policycoreutils-newrole\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:policycoreutils-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:policycoreutils-restorecond\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"policycoreutils-2.1.12-5.25.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"policycoreutils-debuginfo-2.1.12-5.25.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"policycoreutils-newrole-2.1.12-5.25.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"policycoreutils-python-2.1.12-5.25.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"policycoreutils-restorecond-2.1.12-5.25.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"policycoreutils / policycoreutils-debuginfo / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:39:29", "description": "This update backports several fixes from upstream and also fixes sandbox issues including CVE-2016-7545\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2016-11-15T00:00:00", "type": "nessus", "title": "Fedora 25 : checkpolicy / libselinux / libsemanage / libsepol / policycoreutils / etc (2016-b7e8e980ef)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7545"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:checkpolicy", "p-cpe:/a:fedoraproject:fedora:libselinux", "p-cpe:/a:fedoraproject:fedora:libsemanage", "p-cpe:/a:fedoraproject:fedora:libsepol", "p-cpe:/a:fedoraproject:fedora:policycoreutils", "p-cpe:/a:fedoraproject:fedora:secilc", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2016-B7E8E980EF.NASL", "href": "https://www.tenable.com/plugins/nessus/94854", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-b7e8e980ef.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94854);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7545\");\n script_xref(name:\"FEDORA\", value:\"2016-b7e8e980ef\");\n\n script_name(english:\"Fedora 25 : checkpolicy / libselinux / libsemanage / libsepol / policycoreutils / etc (2016-b7e8e980ef)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update backports several fixes from upstream and also fixes\nsandbox issues including CVE-2016-7545\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-b7e8e980ef\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:checkpolicy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libselinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libsemanage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libsepol\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:policycoreutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:secilc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"checkpolicy-2.5-8.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"libselinux-2.5-12.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"libsemanage-2.5-8.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"libsepol-2.5-10.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"policycoreutils-2.5-17.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"secilc-2.5-6.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"checkpolicy / libselinux / libsemanage / libsepol / policycoreutils / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:40:05", "description": "It was discovered that there was a sandbox escape via the 'TIOCSTI' ioctl in policycoreutils, a set of programs required for the basic operation of an SELinux-based system.\n\nFor Debian 7 'Wheezy', this issue has been fixed in policycoreutils version 2.1.10-9+deb7u1.\n\nWe recommend that you upgrade your policycoreutils packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2016-09-26T00:00:00", "type": "nessus", "title": "Debian DLA-638-1 : policycoreutils security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7545"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:policycoreutils", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-638.NASL", "href": "https://www.tenable.com/plugins/nessus/93691", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-638-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93691);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7545\");\n\n script_name(english:\"Debian DLA-638-1 : policycoreutils security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that there was a sandbox escape via the 'TIOCSTI'\nioctl in policycoreutils, a set of programs required for the basic\noperation of an SELinux-based system.\n\nFor Debian 7 'Wheezy', this issue has been fixed in policycoreutils\nversion 2.1.10-9+deb7u1.\n\nWe recommend that you upgrade your policycoreutils packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/09/msg00030.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/policycoreutils\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected policycoreutils package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:policycoreutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"policycoreutils\", reference:\"2.1.10-9+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:39:42", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - Lazy unmount private, shared entry(Joe Jin)[orabug 12560705]\n\n - sandbox: create a new session for sandboxed processes Resolves: (CVE-2016-7545)\n\n - Update translations Resolves: rhbz#819794\n\n - Fix sepolgen test cases Resolves: rhbz#1306550\n\n - sandbox: Improve comments in sysconfig file Resolves:\n rhbz#1159336\n\n - secon, newrole: fix inconsistence between --help and man page Resolves: rhbz#1278811, rhbz#1278913\n\n - restorecond: treat root as a regular user Resolves:\n rhbz#1281877\n\n - semanage: don't skip reserver_port_t Resolves:\n rhbz#1225806\n\n - semanage: check if a store exists Resolves: rhbz#1208801\n\n - fixfiles: check the SELinux status Resolves:\n rhbz#1240788\n\n - semanage: Use OrderedDict for list of fcontexts Resolves: rhbz#1206767", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2016-11-16T00:00:00", "type": "nessus", "title": "OracleVM 3.3 / 3.4 : policycoreutils (OVMSA-2016-0157)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7545"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:policycoreutils", "cpe:/o:oracle:vm_server:3.3", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2016-0157.NASL", "href": "https://www.tenable.com/plugins/nessus/94909", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2016-0157.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94909);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-7545\");\n\n script_name(english:\"OracleVM 3.3 / 3.4 : policycoreutils (OVMSA-2016-0157)\");\n script_summary(english:\"Checks the RPM output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Lazy unmount private, shared entry(Joe Jin)[orabug\n 12560705]\n\n - sandbox: create a new session for sandboxed processes\n Resolves: (CVE-2016-7545)\n\n - Update translations Resolves: rhbz#819794\n\n - Fix sepolgen test cases Resolves: rhbz#1306550\n\n - sandbox: Improve comments in sysconfig file Resolves:\n rhbz#1159336\n\n - secon, newrole: fix inconsistence between --help and man\n page Resolves: rhbz#1278811, rhbz#1278913\n\n - restorecond: treat root as a regular user Resolves:\n rhbz#1281877\n\n - semanage: don't skip reserver_port_t Resolves:\n rhbz#1225806\n\n - semanage: check if a store exists Resolves: rhbz#1208801\n\n - fixfiles: check the SELinux status Resolves:\n rhbz#1240788\n\n - semanage: Use OrderedDict for list of fcontexts\n Resolves: rhbz#1206767\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2016-November/000581.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d3c3c250\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2016-November/000580.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0ea3d222\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected policycoreutils package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:policycoreutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"(3\\.3|3\\.4)\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3 / 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"policycoreutils-2.0.83-30.1.0.1.el6_8\")) flag++;\n\nif (rpm_check(release:\"OVS3.4\", reference:\"policycoreutils-2.0.83-30.1.0.1.el6_8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"policycoreutils\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:37:44", "description": "An update for policycoreutils is now available for Red Hat Enterprise Linux 7.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe policycoreutils packages contain the core policy utilities required to manage a SELinux environment.\n\nSecurity Fix(es) :\n\n* It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox. (CVE-2016-7545)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-03-16T00:00:00", "type": "nessus", "title": "RHEL 7 : policycoreutils (RHSA-2017:0535)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7545"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:policycoreutils", "p-cpe:/a:redhat:enterprise_linux:policycoreutils-debuginfo", "p-cpe:/a:redhat:enterprise_linux:policycoreutils-devel", "p-cpe:/a:redhat:enterprise_linux:policycoreutils-gui", "p-cpe:/a:redhat:enterprise_linux:policycoreutils-newrole", "p-cpe:/a:redhat:enterprise_linux:policycoreutils-python", "p-cpe:/a:redhat:enterprise_linux:policycoreutils-restorecond", "p-cpe:/a:redhat:enterprise_linux:policycoreutils-sandbox", "cpe:/o:redhat:enterprise_linux:7.2"], "id": "REDHAT-RHSA-2017-0535.NASL", "href": "https://www.tenable.com/plugins/nessus/97768", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0535. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97768);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2016-7545\");\n script_xref(name:\"RHSA\", value:\"2017:0535\");\n\n script_name(english:\"RHEL 7 : policycoreutils (RHSA-2017:0535)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for policycoreutils is now available for Red Hat Enterprise\nLinux 7.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe policycoreutils packages contain the core policy utilities\nrequired to manage a SELinux environment.\n\nSecurity Fix(es) :\n\n* It was found that the sandbox tool provided in policycoreutils was\nvulnerable to a TIOCSTI ioctl attack. A specially crafted program\nexecuted via the sandbox command could use this flaw to execute\narbitrary commands in the context of the parent shell, escaping the\nsandbox. (CVE-2016-7545)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:0535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-7545\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils-newrole\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils-restorecond\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils-sandbox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7\\.2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.2\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:0535\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"s390x\", reference:\"policycoreutils-2.2.5-21.el7_2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"policycoreutils-2.2.5-21.el7_2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", reference:\"policycoreutils-debuginfo-2.2.5-21.el7_2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", reference:\"policycoreutils-devel-2.2.5-21.el7_2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"s390x\", reference:\"policycoreutils-gui-2.2.5-21.el7_2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"policycoreutils-gui-2.2.5-21.el7_2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"s390x\", reference:\"policycoreutils-newrole-2.2.5-21.el7_2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"policycoreutils-newrole-2.2.5-21.el7_2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"s390x\", reference:\"policycoreutils-python-2.2.5-21.el7_2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"policycoreutils-python-2.2.5-21.el7_2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"s390x\", reference:\"policycoreutils-restorecond-2.2.5-21.el7_2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"policycoreutils-restorecond-2.2.5-21.el7_2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"s390x\", reference:\"policycoreutils-sandbox-2.2.5-21.el7_2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"policycoreutils-sandbox-2.2.5-21.el7_2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"policycoreutils / policycoreutils-debuginfo / policycoreutils-devel / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-29T03:40:30", "description": "Security Fix(es) :\n\n - It was found that the sandbox tool provided in\n policycoreutils was vulnerable to a TIOCSTI ioctl\n attack. A specially crafted program executed via the\n sandbox command could use this flaw to execute arbitrary\n commands in the context of the parent shell, escaping\n the sandbox. (CVE-2016-7545)", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2016-11-22T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : policycoreutils on SL6.x, SL7.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7545"], "modified": "2016-11-22T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20161114_POLICYCOREUTILS_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/95048", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\nexit(0, \"Temporarily disabled\");\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95048);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-7545\");\n\n script_name(english:\"Scientific Linux Security Update : policycoreutils on SL6.x, SL7.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - It was found that the sandbox tool provided in\n policycoreutils was vulnerable to a TIOCSTI ioctl\n attack. A specially crafted program executed via the\n sandbox command could use this flaw to execute arbitrary\n commands in the context of the parent shell, escaping\n the sandbox. (CVE-2016-7545)\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1611&L=scientific-linux-errata&F=&S=&P=3343\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f6ace62d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"policycoreutils-2.0.83-30.1.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"policycoreutils-debuginfo-2.0.83-30.1.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"policycoreutils-gui-2.0.83-30.1.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"policycoreutils-newrole-2.0.83-30.1.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"policycoreutils-python-2.0.83-30.1.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"policycoreutils-sandbox-2.0.83-30.1.el6_8\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"policycoreutils-2.5-9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"policycoreutils-debuginfo-2.5-9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"policycoreutils-devel-2.5-9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"policycoreutils-gui-2.5-9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"policycoreutils-newrole-2.5-9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"policycoreutils-python-2.5-9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"policycoreutils-restorecond-2.5-9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"policycoreutils-sandbox-2.5-9.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T15:19:32", "description": "SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2017-01-19T20:59:00", "type": "cve", "title": "CVE-2016-7545", "cwe": ["CWE-284"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7545"], "modified": "2018-01-05T02:31:00", "cpe": ["cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:redhat:enterprise_linux_hpc_node:6.0", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:fedoraproject:fedora:25", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/a:selinux_project:selinux:-", "cpe:/o:redhat:enterprise_linux_server_tus:7.3"], "id": "CVE-2016-7545", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7545", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe:2.3:a:selinux_project:selinux:-:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:35:42", "description": "Check for the Version of policycoreutils", "cvss3": {}, "published": "2016-11-20T00:00:00", "type": "openvas", "title": "CentOS Update for policycoreutils CESA-2016:2702 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7545"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882599", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882599", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for policycoreutils CESA-2016:2702 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882599\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-20 05:37:33 +0100 (Sun, 20 Nov 2016)\");\n script_cve_id(\"CVE-2016-7545\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for policycoreutils CESA-2016:2702 centos6\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The policycoreutils packages contain the\ncore policy utilities required to manage a SELinux environment.\n\nSecurity Fix(es):\n\n * It was found that the sandbox tool provided in policycoreutils was\nvulnerable to a TIOCSTI ioctl attack. A specially crafted program executed\nvia the sandbox command could use this flaw to execute arbitrary commands\nin the context of the parent shell, escaping the sandbox. (CVE-2016-7545)\");\n script_tag(name:\"affected\", value:\"policycoreutils on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:2702\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-November/022147.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of policycoreutils\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"policycoreutils\", rpm:\"policycoreutils~2.0.83~30.1.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"policycoreutils-gui\", rpm:\"policycoreutils-gui~2.0.83~30.1.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"policycoreutils-newrole\", rpm:\"policycoreutils-newrole~2.0.83~30.1.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"policycoreutils-python\", rpm:\"policycoreutils-python~2.0.83~30.1.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"policycoreutils-sandbox\", rpm:\"policycoreutils-sandbox~2.0.83~30.1.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:48", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "openvas", "title": "Fedora Update for checkpolicy FEDORA-2016-b7e8e980ef", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7545"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310871999", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871999", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for checkpolicy FEDORA-2016-b7e8e980ef\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871999\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:23:51 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-7545\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for checkpolicy FEDORA-2016-b7e8e980ef\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'checkpolicy'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"checkpolicy on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-b7e8e980ef\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FIYRSFO6CUD5UXJ5T4YFRP3HB7DRTI5\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"checkpolicy\", rpm:\"checkpolicy~2.5~8.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "openvas", "title": "Fedora Update for secilc FEDORA-2016-b7e8e980ef", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7545"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872024", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872024", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for secilc FEDORA-2016-b7e8e980ef\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872024\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:24:34 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-7545\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for secilc FEDORA-2016-b7e8e980ef\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'secilc'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"secilc on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-b7e8e980ef\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5QYMLVEVLYDJO3M2E24XWRGNI5OVFIO\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"secilc\", rpm:\"secilc~2.5~6.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:32", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "openvas", "title": "Fedora Update for libselinux FEDORA-2016-b7e8e980ef", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7545"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310871970", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871970", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libselinux FEDORA-2016-b7e8e980ef\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871970\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:22:05 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-7545\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libselinux FEDORA-2016-b7e8e980ef\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libselinux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libselinux on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-b7e8e980ef\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKN7AFZFPXKRYFUHD67AGQT5JP5GREBF\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"libselinux\", rpm:\"libselinux~2.5~12.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:43", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-11-15T00:00:00", "type": "openvas", "title": "RedHat Update for policycoreutils RHSA-2016:2702-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7545"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871715", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871715", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for policycoreutils RHSA-2016:2702-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871715\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-15 05:40:40 +0100 (Tue, 15 Nov 2016)\");\n script_cve_id(\"CVE-2016-7545\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for policycoreutils RHSA-2016:2702-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'policycoreutils'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The policycoreutils packages contain the core policy utilities required to\nmanage a SELinux environment.\n\nSecurity Fix(es):\n\n * It was found that the sandbox tool provided in policycoreutils was\nvulnerable to a TIOCSTI ioctl attack. A specially crafted program executed\nvia the sandbox command could use this flaw to execute arbitrary commands\nin the context of the parent shell, escaping the sandbox. (CVE-2016-7545)\");\n script_tag(name:\"affected\", value:\"policycoreutils on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:2702-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-November/msg00062.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"policycoreutils\", rpm:\"policycoreutils~2.5~9.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"policycoreutils-debuginfo\", rpm:\"policycoreutils-debuginfo~2.5~9.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"policycoreutils-devel\", rpm:\"policycoreutils-devel~2.5~9.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"policycoreutils-gui\", rpm:\"policycoreutils-gui~2.5~9.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"policycoreutils-newrole\", rpm:\"policycoreutils-newrole~2.5~9.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"policycoreutils-python\", rpm:\"policycoreutils-python~2.5~9.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"policycoreutils-sandbox\", rpm:\"policycoreutils-sandbox~2.5~9.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"policycoreutils\", rpm:\"policycoreutils~2.0.83~30.1.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"policycoreutils-debuginfo\", rpm:\"policycoreutils-debuginfo~2.0.83~30.1.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"policycoreutils-gui\", rpm:\"policycoreutils-gui~2.0.83~30.1.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"policycoreutils-newrole\", rpm:\"policycoreutils-newrole~2.0.83~30.1.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"policycoreutils-python\", rpm:\"policycoreutils-python~2.0.83~30.1.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"policycoreutils-sandbox\", rpm:\"policycoreutils-sandbox~2.0.83~30.1.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "openvas", "title": "Fedora Update for policycoreutils FEDORA-2016-b7e8e980ef", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7545"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872007", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872007", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for policycoreutils FEDORA-2016-b7e8e980ef\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872007\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:23:59 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-7545\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for policycoreutils FEDORA-2016-b7e8e980ef\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'policycoreutils'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"policycoreutils on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-b7e8e980ef\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPRNK3PWMAVNJZ53YW5GOEOGJSFNAQIF\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"policycoreutils\", rpm:\"policycoreutils~2.5~17.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "openvas", "title": "Fedora Update for libsepol FEDORA-2016-b7e8e980ef", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7545"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310871986", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871986", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libsepol FEDORA-2016-b7e8e980ef\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871986\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:22:32 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-7545\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libsepol FEDORA-2016-b7e8e980ef\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libsepol'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libsepol on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-b7e8e980ef\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DETSAI3UUYN7GVNEMXKT62Y4ZBDJ7CS3\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsepol\", rpm:\"libsepol~2.5~10.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:35:51", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for policycoreutils (EulerOS-SA-2016-1083)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7545"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220161083", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220161083", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2016.1083\");\n script_version(\"2020-01-23T10:42:26+0000\");\n script_cve_id(\"CVE-2016-7545\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:42:26 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:42:26 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for policycoreutils (EulerOS-SA-2016-1083)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2016-1083\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1083\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'policycoreutils' package(s) announced via the EulerOS-SA-2016-1083 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox. (CVE-2016-7545)\");\n\n script_tag(name:\"affected\", value:\"'policycoreutils' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"policycoreutils\", rpm:\"policycoreutils~2.2.5~15.h1\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"policycoreutils-devel\", rpm:\"policycoreutils-devel~2.2.5~15.h1\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"policycoreutils-gui\", rpm:\"policycoreutils-gui~2.2.5~15.h1\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"policycoreutils-newrole\", rpm:\"policycoreutils-newrole~2.2.5~15.h1\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"policycoreutils-python\", rpm:\"policycoreutils-python~2.2.5~15.h1\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"policycoreutils-sandbox\", rpm:\"policycoreutils-sandbox~2.2.5~15.h1\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "openvas", "title": "Fedora Update for libsemanage FEDORA-2016-b7e8e980ef", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7545"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872051", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872051", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libsemanage FEDORA-2016-b7e8e980ef\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872051\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:25:40 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-7545\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libsemanage FEDORA-2016-b7e8e980ef\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libsemanage'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libsemanage on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-b7e8e980ef\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3G6PYHTN5UTOVK2QL2PXRKLUVIN22S\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsemanage\", rpm:\"libsemanage~2.5~8.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2021-07-28T14:24:43", "description": "[2.0.83-30.1.0.1]\n- Lazy unmount private, shared entry(Joe Jin)[orabug 12560705]\n[2.0.83-30.1]\n- sandbox: create a new session for sandboxed processes\nResolves: CVE-2016-7545", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2016-11-14T00:00:00", "type": "oraclelinux", "title": "policycoreutils security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7545"], "modified": "2016-11-14T00:00:00", "id": "ELSA-2016-2702", "href": "http://linux.oracle.com/errata/ELSA-2016-2702.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2022-02-27T11:52:03", "description": "**CentOS Errata and Security Advisory** CESA-2016:2702\n\n\nThe policycoreutils packages contain the core policy utilities required to manage a SELinux environment.\n\nSecurity Fix(es):\n\n* It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox. (CVE-2016-7545)\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2016-November/059066.html\nhttps://lists.centos.org/pipermail/centos-cr-announce/2016-November/016576.html\n\n**Affected packages:**\npolicycoreutils\npolicycoreutils-devel\npolicycoreutils-gui\npolicycoreutils-newrole\npolicycoreutils-python\npolicycoreutils-restorecond\npolicycoreutils-sandbox\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2016:2702", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2016-11-19T11:15:32", "type": "centos", "title": "policycoreutils security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7545"], "modified": "2016-11-25T16:47:58", "id": "CESA-2016:2702", "href": "https://lists.centos.org/pipermail/centos-announce/2016-November/059066.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2021-10-23T21:52:37", "description": "Package : policycoreutils\nVersion : 2.1.10-9+deb7u1\nCVE ID : CVE-2016-7545\nDebian Bug : 838599\n\nIt was discovered that there was a sandbox escape via the "TIOCSTI" ioctl in\npolicycoreutils, a set of programs required for the basic operation of an\nSELinux-based system.\n\nFor Debian 7 "Wheezy", this issue has been fixed in policycoreutils version\n2.1.10-9+deb7u1.\n\nWe recommend that you upgrade your policycoreutils packages.\n\n\nRegards,\n\n- -- \n ,''`.\n : :' : Chris Lamb\n `. `'` lamby@debian.org / chris-lamb.co.uk\n `-", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2016-09-25T16:05:23", "type": "debian", "title": "[SECURITY] [DLA 638-1] policycoreutils security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7545"], "modified": "2016-09-25T16:05:23", "id": "DEBIAN:DLA-638-1:55A32", "href": "https://lists.debian.org/debian-lts-announce/2016/09/msg00030.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "description": "The SELinux CIL Compiler is a compiler that converts the CIL language as described on the CIL design wiki into a kernel binary policy file. Please see the CIL Design Wiki at: http://github.com/SELinuxProject/cil/wiki/ for more information about the goals and features on the CIL language. ", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2016-10-10T18:06:51", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: secilc-2.5-6.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7545"], "modified": "2016-10-10T18:06:51", "id": "FEDORA:10B49608B7EB", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/L5QYMLVEVLYDJO3M2E24XWRGNI5OVFIO/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Security-enhanced Linux is a feature of the Linux=EF=BF=BD=EF=BF=BD kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve the security of the Flask operating system. These architectural components provide general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement=EF=BF=BD=EF=BF=BD, Role-based Acc ess Control, and Multi-level Security. This package contains checkpolicy, the SELinux policy compiler. Only required for building policies. ", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2016-10-10T18:06:51", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: checkpolicy-2.5-8.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7545"], "modified": "2016-10-10T18:06:51", "id": "FEDORA:1B50B608EC12", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6FIYRSFO6CUD5UXJ5T4YFRP3HB7DRTI5/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Security-enhanced Linux is a feature of the Linux=EF=BF=BD=EF=BF=BD kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve the security of the Flask operating system. These architectural components provide general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement=EF=BF=BD=EF=BF=BD, Role-based Acc ess Control, and Multi-level Security. libsepol provides an API for the manipulation of SELinux binary policies. It is used by checkpolicy (the policy compiler) and similar tools, as well as by programs like load_policy that need to perform specific transformatio ns on binary policies such as customizing policy boolean settings. ", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2016-10-10T18:06:51", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: libsepol-2.5-10.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7545"], "modified": "2016-10-10T18:06:51", "id": "FEDORA:4EAA8608EE4B", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DETSAI3UUYN7GVNEMXKT62Y4ZBDJ7CS3/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Security-enhanced Linux is a feature of the Linux=EF=BF=BD=EF=BF=BD kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve the security of the Flask operating system. These architectural components provide general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement=EF=BF=BD=EF=BF=BD, Role-based Acc ess Control, and Multi-level Security. libsemanage provides an API for the manipulation of SELinux binary policies. It is used by checkpolicy (the policy compiler) and similar tools, as well as by programs like load_policy that need to perform specific transformatio ns on binary policies such as customizing policy boolean settings. ", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2016-10-10T18:06:51", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: libsemanage-2.5-8.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7545"], "modified": "2016-10-10T18:06:51", "id": "FEDORA:273E0608EC33", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CN3G6PYHTN5UTOVK2QL2PXRKLUVIN22S/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "description": "Security-enhanced Linux is a feature of the Linux=EF=BF=BD=EF=BF=BD kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve the security of the Flask operating system. These architectural components provide general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement=EF=BF=BD=EF=BF=BD, Role-based Acc ess Control, and Multi-level Security. policycoreutils contains the policy core utilities that are required for basic operation of a SELinux system. These utilities include load_policy to load policies, setfiles to label filesystems, newrole to switch roles. ", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2016-10-10T18:06:51", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: policycoreutils-2.5-17.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7545"], "modified": "2016-10-10T18:06:51", "id": "FEDORA:31859608EC38", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UPRNK3PWMAVNJZ53YW5GOEOGJSFNAQIF/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2021-10-21T04:42:27", "description": "The policycoreutils packages contain the core policy utilities required to manage a SELinux environment.\n\nSecurity Fix(es):\n\n* It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox. (CVE-2016-7545)", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2017-03-15T13:36:03", "type": "redhat", "title": "(RHSA-2017:0535) Important: policycoreutils security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7545"], "modified": "2017-08-28T02:44:18", "id": "RHSA-2017:0535", "href": "https://access.redhat.com/errata/RHSA-2017:0535", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T04:47:11", "description": "The policycoreutils packages contain the core policy utilities required to manage a SELinux environment.\n\nSecurity Fix(es):\n\n* It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox. (CVE-2016-7545)", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2017-03-15T13:36:15", "type": "redhat", "title": "(RHSA-2017:0536) Important: policycoreutils security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7545"], "modified": "2017-03-15T13:40:50", "id": "RHSA-2017:0536", "href": "https://access.redhat.com/errata/RHSA-2017:0536", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T18:40:47", "description": "The policycoreutils packages contain the core policy utilities required to manage a SELinux environment.\n\nSecurity Fix(es):\n\n* It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox. (CVE-2016-7545)", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2016-11-14T10:43:01", "type": "redhat", "title": "(RHSA-2016:2702) Important: policycoreutils security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7545"], "modified": "2018-06-06T16:24:33", "id": "RHSA-2016:2702", "href": "https://access.redhat.com/errata/RHSA-2016:2702", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "debiancve": [{"lastseen": "2022-06-20T06:03:54", "description": "SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2017-01-19T20:59:00", "type": "debiancve", "title": "CVE-2016-7545", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7545"], "modified": "2017-01-19T20:59:00", "id": "DEBIANCVE:CVE-2016-7545", "href": "https://security-tracker.debian.org/tracker/CVE-2016-7545", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2017-09-14T01:58:07", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP AAM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 | Not vulnerable | None \nBIG-IP AFM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 | Not vulnerable | None \nBIG-IP Analytics | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP APM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP ASM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP DNS | None | 13.0.0 \n12.0.0 - 12.1.2 | Not vulnerable | None \nBIG-IP Edge Gateway | None | 11.2.1 | Not vulnerable | None \nBIG-IP GTM | None | 11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP Link Controller | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP PEM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 | Not vulnerable | None \nBIG-IP PSM | None | 11.4.1 | Not vulnerable | None \nBIG-IP WebAccelerator | None | 11.2.1 | Not vulnerable | None \nBIG-IP WebSafe | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 | Not vulnerable | None \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | None | 3.1.1 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nBIG-IQ Centralized Management | None | 5.0.0 - 5.3.0 \n4.6.0 | Not vulnerable | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None \nF5 iWorkflow | None | 2.0.0 - 2.3.0 | Not vulnerable | None \nLineRate | None | 2.5.0 - 2.6.2 | Not vulnerable | None \nTraffix SDC | None | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | Not vulnerable | None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2017-09-14T01:10:00", "type": "f5", "title": "SELinux policycoreutils vulnerability CVE-2016-7545", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7545"], "modified": "2017-09-14T01:10:00", "id": "F5:K53411527", "href": "https://support.f5.com/csp/article/K53411527", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhatcve": [{"lastseen": "2021-11-09T01:51:00", "description": "It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox.\n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2019-10-11T16:52:38", "type": "redhatcve", "title": "CVE-2016-7545", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7545"], "modified": "2021-11-08T23:45:46", "id": "RH:CVE-2016-7545", "href": "https://access.redhat.com/security/cve/CVE-2016-7545", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2021-07-25T19:27:48", "description": "**Issue Overview:**\n\nIt was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent bash, escaping the sandbox.\n\n \n**Affected Packages:** \n\n\npolicycoreutils\n\n \n**Issue Correction:** \nRun _yum update policycoreutils_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 policycoreutils-debuginfo-2.1.12-5.25.amzn1.i686 \n \u00a0\u00a0\u00a0 policycoreutils-restorecond-2.1.12-5.25.amzn1.i686 \n \u00a0\u00a0\u00a0 policycoreutils-2.1.12-5.25.amzn1.i686 \n \u00a0\u00a0\u00a0 policycoreutils-newrole-2.1.12-5.25.amzn1.i686 \n \u00a0\u00a0\u00a0 policycoreutils-python-2.1.12-5.25.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 policycoreutils-2.1.12-5.25.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 policycoreutils-python-2.1.12-5.25.amzn1.x86_64 \n \u00a0\u00a0\u00a0 policycoreutils-restorecond-2.1.12-5.25.amzn1.x86_64 \n \u00a0\u00a0\u00a0 policycoreutils-debuginfo-2.1.12-5.25.amzn1.x86_64 \n \u00a0\u00a0\u00a0 policycoreutils-newrole-2.1.12-5.25.amzn1.x86_64 \n \u00a0\u00a0\u00a0 policycoreutils-2.1.12-5.25.amzn1.x86_64 \n \n \n", "edition": 2, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2016-11-10T18:00:00", "type": "amazon", "title": "Important: policycoreutils", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7545"], "modified": "2016-11-10T18:00:00", "id": "ALAS-2016-765", "href": "https://alas.aws.amazon.com/ALAS-2016-765.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ibm": [{"lastseen": "2021-12-30T21:40:20", "description": "## Summary\n\nPowerKVM is affected by a vulnerability in policycoreutils. IBM has now addressed this vulnerability.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-7545_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7545>)** \nDESCRIPTION:** Policycoreutils could allow a remote attacker to execute arbitrary commands on the system, caused by a TIOCSTI ioctl attack in the provided sandbox tool. By persuading a victim to run a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary commands on the system. \nCVSS Base Score: 7.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119020_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119020>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L) \n\n## Affected Products and Versions\n\nPowerKVM 2.1 and PowerKVM 3.1\n\n## Remediation/Fixes\n\nCustomers can update PowerKVM systems by using \"yum update\". \n\nFix images are made available via Fix Central. For version 3.1, see [_https://ibm.biz/BdHggw_](<https://ibm.biz/BdHggw>). This issue is addressed as of 3.1.0.2 update 5 or later.\n\nFor version 2.1, see [_https://ibm.biz/BdEnT8_](<https://ibm.biz/BdEnT8>). This issue is addressed as of PowerKVM 2.1.1.3-65 update 15 or later. Customers running v2.1 are, in any case, encouraged to upgrade to v3.1. \n\nFor v2.1 systems currently running fix levels of PowerKVM prior to 2.1.1, please see <http://download4.boulder.ibm.com/sar/CMA/OSA/05e4c/0/README> for prerequisite fixes and instructions.\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n23 Jan 2017 - Initial Version\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SSZJY4\",\"label\":\"PowerKVM\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"2.1;3.1\",\"Edition\":\"KVM\",\"Line of Business\":{\"code\":\"LOB08\",\"label\":\"Cognitive Systems\"}}]", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-06-18T01:34:54", "type": "ibm", "title": "Security Bulletin: A vulnerability in policycoreutils affects PowerKVM", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7545"], "modified": "2018-06-18T01:34:54", "id": "7E43219682AAA97E33DA50421D1BF6893CF53EA7F4D7F218F5494A31DF1739F6", "href": "https://www.ibm.com/support/pages/node/630543", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-30T21:42:21", "description": "## Summary\n\nIBM Security Guardium is affected by Using Components with Known vulnerabilities. IBM Security Guardium has fixed these vulnerabilities\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-3584_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3584>)** \nDESCRIPTION:** Apache CXF is vulnerable to a denial of service, caused by the processing of SAML tokens received in the authorization header of a request by the Apache CXF JAX-RS service. By passing malicious values using the SamlHeaderInHandler, an attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97753_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97753>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-3538_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538>)** \nDESCRIPTION:** Fine Free file is vulnerable to a denial of service, caused by the failure to properly restrict the amount of data read during a regex search. A remote attacker could exploit this vulnerability using a specially-crafted file to consume all available CPU resources. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94324_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94324>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2016-9311_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9311>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by a NULL pointer dereference when trap service has been enabled. By sending specially crafted packets, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 4.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119086_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119086>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-9310_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9310>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by an error in the control mode (mode 6) functionality. By sending specially crafted control mode packets, a remote attacker could exploit this vulnerability to obtain sensitive information and cause the application to crash. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119087_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119087>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)\n\n**CVEID:** [_CVE-2016-9147_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147>)** \nDESCRIPTION:** ISC BIND is vulnerable to a denial of service, caused by the improper handling of responses containing DNSSEC-related RRsets that are inconsistent with other RRsets in the same query response. By sending a malformed response, a remote attacker could exploit this vulnerability to trigger an assertion failure. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120473_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120473>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-8635_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8635>)** \nDESCRIPTION:** Mozilla Network Security Services (NSS), as used in Mozilla Firefox, could allow a remote attacker to obtain sensitive information, caused by a small subgroup confinement attack in Diffie Hellman Client key exchange handling. By confining the client DH key to small subgroup of the desired group, a remote attacker could exploit this vulnerability to recover private keys. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119190_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119190>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-7545_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7545>)** \nDESCRIPTION:** Policycoreutils could allow a remote attacker to execute arbitrary commands on the system, caused by a TIOCSTI ioctl attack in the provided sandbox tool. By persuading a victim to run a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary commands on the system. \nCVSS Base Score: 7.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119020_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119020>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-7433_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7433>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by the inclusion of the root delay allowing for an incorrect root distance calculation. An attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 1.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119095_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119095>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-7429_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7429>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by an attack on interface selection. By sending specially crafted packets with spoofed source address, a physical attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 1.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119093_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119093>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-7426_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7426>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by the improper handling of invalid server responses. By sending specially crafted packets with spoofed source address, a remote attacker could exploit this vulnerability to a denial of service. \nCVSS Base Score: 1.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119094_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119094>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-7117_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7117>)** \nDESCRIPTION:** Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in __sys_recvmmsg function in net/socket.c. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117765_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117765>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-7076_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7076>)** \nDESCRIPTION:** Sudo could allow a local authenticated attacker to execute arbitrary commands on the system, caused by the bypass of the sudo noexec restriction. By running an application via sudo executed wordexp() C library function with a user supplied argument, an attacker could exploit this vulnerability to execute arbitrary commands with elevated privileges. \nCVSS Base Score: 6.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119502_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119502>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-7032_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7032>)** \nDESCRIPTION:** Sudo could allow a local authenticated attacker to execute arbitrary commands on the system, caused by the bypass of the sudo noexec restriction. By running an application via sudo executed system() or popen() C library functions with a user supplied argument, an attacker could exploit this vulnerability to execute arbitrary commands with elevated privileges. \nCVSS Base Score: 6.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119500_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119500>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-6313_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6313>)** \nDESCRIPTION:** GnuPG could provide weaker than expected security, caused by an error in the mixing functions when obtaining 4640 bits from the random number generator. A local attacker could exploit this vulnerability to predict the next 160 bits of output. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116169_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116169>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-6306_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6306>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by missing message length checks when parsing certificates. A remote authenticated attacker could exploit this vulnerability to trigger an out-of-bounds read and cause a denial of service. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117112_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117112>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-6304_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6304>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by multiple memory leaks in t1_lib.c during session renegotiation. By sending an overly large OCSP Status Request extension, a remote attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117110_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117110>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-6302_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6302>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the failure to consider the HMAC size during validation of the ticket length by the tls_decrypt_ticket function A remote attacker could exploit this vulnerability using a ticket that is too short to cause a denial of service. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117024_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117024>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-5699_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5699>)** \nDESCRIPTION:** urllib2 and urllib for Python are vulnerable to HTTP header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114200_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114200>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID:** [_CVE-2016-5424_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5424>)** \nDESCRIPTION:** PostgreSQL could allow a remote authenticated attacker to gain elevated privileges on the system, caused by the improper handling of database and role names containing newlines, carriage returns, double quotes, or backslashes. By running certain maintenance programs, an attacker could grant the user superuser privileges. \nCVSS Base Score: 8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116075_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116075>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-5408_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5408>)** \nDESCRIPTION:** SQUID is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the munge_other_line function in the cachemgr.cgi. By sending specially crafted data, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116203_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116203>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-5285_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5285>)** \nDESCRIPTION:** Mozilla Network Security Services (NSS), as used in Mozilla Firefox, is vulnerable to a denial of service, caused by a NULL pointer dereference in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime when handling invalid Diffie-Hellman keys. A remote attacker could exploit this vulnerability to crash a TLS/SSL server. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119189_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119189>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2834_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2834>)** \nDESCRIPTION:** Mozilla Network Security Services (NSS), as used in Mozilla Firefox, could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-2182_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2182>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds write in the TS_OBJ_print_bio function in crypto/bn/bn_print.c. A remote attacker could exploit this vulnerability using a specially crafted value to cause the application to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116342_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116342>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2181_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2181>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in the DTLS replay protection implementation. By sending a specially crafted sequence number, a remote attacker could exploit this vulnerability to cause valid packets to be dropped. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116344_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116344>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2180_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2180>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in the TS_OBJ_print_bio function. A remote attacker could exploit this vulnerability using a specially crafted time-stamp file to cause the application to crash. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/115829_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/115829>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-2179_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2179>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending specially crafted DTLS record fragments to fill up buffer queues, a remote attacker could exploit this vulnerability to open a large number of simultaneous connections and consume all available memory resources. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116343_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116343>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2178_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2178>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DSA implementation that allows the following of a non-constant time codepath for certain operations. An attacker could exploit this vulnerability using a cache-timing attack to recover the private DSA key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-1248_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1248>)** \nDESCRIPTION:** Vim could allow a local attacker to execute arbitrary code on the system, caused by the improper validation of the ''filetype'', ''syntax'' and ''keymap'' options. By using a specially-crafted filee with a malicious modeline, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119191_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119191>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-0787_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0787>)** \nDESCRIPTION:** libssh2 could provide weaker than expected security, caused by a type confusion error during the SSHv2 handshake resulting in the generation of a reduced amount of random bits for Diffie-Hellman. An attacker could exploit this vulnerability using the truncated Diffie-Hellman secret to launch further attacks on the system. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111562_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111562>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID:** [_CVE-2016-0772_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0772>)** \nDESCRIPTION:** Python''s smtplib library is vulnerable to a stripping attack. An exception isn''t returned by the Python''s smtplib library if StartTLS fails to establish correctly in the SMTP.starttls() function. An attacker with man-in-the-middle ability could exploit this vulnerability to strip out the STARTTLS command without generating an exception on the python SMTP client application and prevent the establishment of the TLS layer. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114287_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114287>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID:** [_CVE-2016-0718_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718>)** \nDESCRIPTION:** Expat is vulnerable to a buffer overflow, caused by improper bounds checking when processing malformed XML data. By using the Expat library, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the victim or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113408_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113408>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2015-7940_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7940>)** \nDESCRIPTION:** Bouncy Castle could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability using an invalid curve attack to extract private keys used in elliptic curve cryptography and obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107739_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107739>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2015-2575_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2575>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle MySQL Connectors related to the Connector/J component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/102348_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/102348>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N)\n\n**CVEID:** [_CVE-2015-0254_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0254>)** \nDESCRIPTION:** Apache Standard Taglibs could allow a remote attacker to execute arbitrary code on the system, caused by an XML External Entity Injection (XXE) error when processing XML data. By sending specially-crafted XML data, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/101550_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/101550>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [_CVE-2014-9653_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9653>)** \nDESCRIPTION:** file could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read in readelf.c. By persuading a victim to open a specially-crafted elf file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100749_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100749>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [_CVE-2014-9620_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620>)** \nDESCRIPTION:** File is vulnerable to a denial of service, caused by an error in the ELF parser. A remote attacker could exploit this vulnerability using an overly long string to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100258_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100258>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-8117_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117>)** \nDESCRIPTION:** file(1) is vulnerable to a denial of service, caused by an error in the softmagic.c file. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/99419_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/99419>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-8116_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8116>)** \nDESCRIPTION:** file(1) is vulnerable to a denial of service, caused by an error in the readelf.c file. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/99418_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/99418>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-3710_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710>)** \nDESCRIPTION:** PHP is vulnerable to a denial of service, caused by an out-of-bounds read in the donote() function. By persuading a victim to open a specially-crafted elf file, a remote attacker could exploit this vulnerability to cause the executable to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/98385_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/98385>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-3587_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587>)** \nDESCRIPTION:** PHP is vulnerable to a denial of service, caused by an incomplete fix related to the cdf_read_property_info() function. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/95408_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95408>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM Security Guardium V10.0, 10.0.1, 10.1, 10.1.2 \n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM Security Guardium| 10x| [_https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p230_GPU_Jun-2017-V10.1.3&includeSupersedes=0&source=fc_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p230_GPU_Jun-2017-V10.1.3&includeSupersedes=0&source=fc>) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n08/17/2017: Original publish date\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SSMPHH\",\"label\":\"IBM Security Guardium\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"10.0;10.0.1;10.1;10.1.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-16T22:02:01", "type": "ibm", "title": "Security Bulletin: IBM Security Guardium is affected by Using Components with Known vulnerabilities (multiple CVEs)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3538", "CVE-2014-3584", "CVE-2014-3587", "CVE-2014-3710", "CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9620", "CVE-2014-9653", "CVE-2015-0254", "CVE-2015-2575", "CVE-2015-7940", "CVE-2016-0718", "CVE-2016-0772", "CVE-2016-0787", "CVE-2016-1248", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2834", "CVE-2016-5285", "CVE-2016-5408", "CVE-2016-5424", "CVE-2016-5699", "CVE-2016-6302", "CVE-2016-6304", "CVE-2016-6306", "CVE-2016-6313", "CVE-2016-7032", "CVE-2016-7076", "CVE-2016-7117", "CVE-2016-7426", "CVE-2016-7429", "CVE-2016-7433", "CVE-2016-7545", "CVE-2016-8635", "CVE-2016-9147", "CVE-2016-9310", "CVE-2016-9311"], "modified": "2018-06-16T22:02:01", "id": "A9C254F86614D2334E5A1624EEBD7497A5FA74BEC3159FA2530927B6C4A89585", "href": "https://www.ibm.com/support/pages/node/566897", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-30T21:40:47", "description": "## Summary\n\nIBM Security Guardium is affected by Using Components with Known Vulnerabilities. IBM Security Guardium has fixed these vulnerabilities \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-3584_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3584>)** \nDESCRIPTION:** Apache CXF is vulnerable to a denial of service, caused by the processing of SAML tokens received in the authorization header of a request by the Apache CXF JAX-RS service. By passing malicious values using the SamlHeaderInHandler, an attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97753_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97753>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-3538_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538>)** \nDESCRIPTION:** Fine Free file is vulnerable to a denial of service, caused by the failure to properly restrict the amount of data read during a regex search. A remote attacker could exploit this vulnerability using a specially-crafted file to consume all available CPU resources. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94324_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94324>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2016-9311_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9311>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by a NULL pointer dereference when trap service has been enabled. By sending specially crafted packets, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 4.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119086_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119086>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-9310_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9310>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by an error in the control mode (mode 6) functionality. By sending specially crafted control mode packets, a remote attacker could exploit this vulnerability to obtain sensitive information and cause the application to crash. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119087_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119087>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)\n\n**CVEID:** [_CVE-2016-9147_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147>)** \nDESCRIPTION:** ISC BIND is vulnerable to a denial of service, caused by the improper handling of responses containing DNSSEC-related RRsets that are inconsistent with other RRsets in the same query response. By sending a malformed response, a remote attacker could exploit this vulnerability to trigger an assertion failure. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120473_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120473>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-8635_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8635>)** \nDESCRIPTION:** Mozilla Network Security Services (NSS), as used in Mozilla Firefox, could allow a remote attacker to obtain sensitive information, caused by a small subgroup confinement attack in Diffie Hellman Client key exchange handling. By confining the client DH key to small subgroup of the desired group, a remote attacker could exploit this vulnerability to recover private keys. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119190_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119190>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-7545_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7545>)** \nDESCRIPTION:** Policycoreutils could allow a remote attacker to execute arbitrary commands on the system, caused by a TIOCSTI ioctl attack in the provided sandbox tool. By persuading a victim to run a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary commands on the system. \nCVSS Base Score: 7.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119020_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119020>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-7433_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7433>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by the inclusion of the root delay allowing for an incorrect root distance calculation. An attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 1.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119095_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119095>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-7429_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7429>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by an attack on interface selection. By sending specially crafted packets with spoofed source address, a physical attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 1.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119093_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119093>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-7426_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7426>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by the improper handling of invalid server responses. By sending specially crafted packets with spoofed source address, a remote attacker could exploit this vulnerability to a denial of service. \nCVSS Base Score: 1.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119094_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119094>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-7117_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7117>)** \nDESCRIPTION:** Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in __sys_recvmmsg function in net/socket.c. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117765_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117765>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-7076_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7076>)** \nDESCRIPTION:** Sudo could allow a local authenticated attacker to execute arbitrary commands on the system, caused by the bypass of the sudo noexec restriction. By running an application via sudo executed wordexp() C library function with a user supplied argument, an attacker could exploit this vulnerability to execute arbitrary commands with elevated privileges. \nCVSS Base Score: 6.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119502_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119502>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-7032_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7032>)** \nDESCRIPTION:** Sudo could allow a local authenticated attacker to execute arbitrary commands on the system, caused by the bypass of the sudo noexec restriction. By running an application via sudo executed system() or popen() C library functions with a user supplied argument, an attacker could exploit this vulnerability to execute arbitrary commands with elevated privileges. \nCVSS Base Score: 6.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119500_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119500>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-6313_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6313>)** \nDESCRIPTION:** GnuPG could provide weaker than expected security, caused by an error in the mixing functions when obtaining 4640 bits from the random number generator. A local attacker could exploit this vulnerability to predict the next 160 bits of output. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116169_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116169>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-6306_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6306>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by missing message length checks when parsing certificates. A remote authenticated attacker could exploit this vulnerability to trigger an out-of-bounds read and cause a denial of service. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117112_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117112>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-6304_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6304>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by multiple memory leaks in t1_lib.c during session renegotiation. By sending an overly large OCSP Status Request extension, a remote attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117110_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117110>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-6302_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6302>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the failure to consider the HMAC size during validation of the ticket length by the tls_decrypt_ticket function A remote attacker could exploit this vulnerability using a ticket that is too short to cause a denial of service. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117024_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117024>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-5699_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5699>)** \nDESCRIPTION:** urllib2 and urllib for Python are vulnerable to HTTP header injection, caused by improper validation of input. By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114200_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114200>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID:** [_CVE-2016-5424_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5424>)** \nDESCRIPTION:** PostgreSQL could allow a remote authenticated attacker to gain elevated privileges on the system, caused by the improper handling of database and role names containing newlines, carriage returns, double quotes, or backslashes. By running certain maintenance programs, an attacker could grant the user superuser privileges. \nCVSS Base Score: 8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116075_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116075>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-5408_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5408>)** \nDESCRIPTION:** SQUID is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the munge_other_line function in the cachemgr.cgi. By sending specially crafted data, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116203_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116203>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-5285_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5285>)** \nDESCRIPTION:** Mozilla Network Security Services (NSS), as used in Mozilla Firefox, is vulnerable to a denial of service, caused by a NULL pointer dereference in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime when handling invalid Diffie-Hellman keys. A remote attacker could exploit this vulnerability to crash a TLS/SSL server. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119189_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119189>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2834_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2834>)** \nDESCRIPTION:** Mozilla Network Security Services (NSS), as used in Mozilla Firefox, could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. \nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-2182_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2182>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds write in the TS_OBJ_print_bio function in crypto/bn/bn_print.c. A remote attacker could exploit this vulnerability using a specially crafted value to cause the application to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116342_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116342>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2181_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2181>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in the DTLS replay protection implementation. By sending a specially crafted sequence number, a remote attacker could exploit this vulnerability to cause valid packets to be dropped. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116344_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116344>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2180_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2180>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in the TS_OBJ_print_bio function. A remote attacker could exploit this vulnerability using a specially crafted time-stamp file to cause the application to crash. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/115829_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/115829>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-2179_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2179>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending specially crafted DTLS record fragments to fill up buffer queues, a remote attacker could exploit this vulnerability to open a large number of simultaneous connections and consume all available memory resources. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116343_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116343>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2178_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2178>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DSA implementation that allows the following of a non-constant time codepath for certain operations. An attacker could exploit this vulnerability using a cache-timing attack to recover the private DSA key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-1248_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1248>)** \nDESCRIPTION:** Vim could allow a local attacker to execute arbitrary code on the system, caused by the improper validation of the ''filetype'', ''syntax'' and ''keymap'' options. By using a specially-crafted filee with a malicious modeline, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119191_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119191>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-0787_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0787>)** \nDESCRIPTION:** libssh2 could provide weaker than expected security, caused by a type confusion error during the SSHv2 handshake resulting in the generation of a reduced amount of random bits for Diffie-Hellman. An attacker could exploit this vulnerability using the truncated Diffie-Hellman secret to launch further attacks on the system. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111562_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111562>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID:** [_CVE-2016-0772_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0772>)** \nDESCRIPTION:** Python''s smtplib library is vulnerable to a stripping attack. An exception isn''t returned by the Python''s smtplib library if StartTLS fails to establish correctly in the SMTP.starttls() function. An attacker with man-in-the-middle ability could exploit this vulnerability to strip out the STARTTLS command without generating an exception on the python SMTP client application and prevent the establishment of the TLS layer. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114287_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114287>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID:** [_CVE-2016-0718_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718>)** \nDESCRIPTION:** Expat is vulnerable to a buffer overflow, caused by improper bounds checking when processing malformed XML data. By using the Expat library, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the victim or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113408_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113408>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2015-7940_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7940>)** \nDESCRIPTION:** Bouncy Castle could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability using an invalid curve attack to extract private keys used in elliptic curve cryptography and obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107739_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107739>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2015-2575_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2575>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle MySQL Connectors related to the Connector/J component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/102348_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/102348>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N)\n\n**CVEID:** [_CVE-2015-0254_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0254>)** \nDESCRIPTION:** Apache Standard Taglibs could allow a remote attacker to execute arbitrary code on the system, caused by an XML External Entity Injection (XXE) error when processing XML data. By sending specially-crafted XML data, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/101550_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/101550>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [_CVE-2014-9653_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9653>)** \nDESCRIPTION:** file could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read in readelf.c. By persuading a victim to open a specially-crafted elf file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100749_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100749>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [_CVE-2014-9620_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620>)** \nDESCRIPTION:** File is vulnerable to a denial of service, caused by an error in the ELF parser. A remote attacker could exploit this vulnerability using an overly long string to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100258_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100258>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-8117_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117>)** \nDESCRIPTION:** file(1) is vulnerable to a denial of service, caused by an error in the softmagic.c file. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/99419_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/99419>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-8116_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8116>)** \nDESCRIPTION:** file(1) is vulnerable to a denial of service, caused by an error in the readelf.c file. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/99418_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/99418>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-3710_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710>)** \nDESCRIPTION:** PHP is vulnerable to a denial of service, caused by an out-of-bounds read in the donote() function. By persuading a victim to open a specially-crafted elf file, a remote attacker could exploit this vulnerability to cause the executable to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/98385_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/98385>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-3587_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587>)** \nDESCRIPTION:** PHP is vulnerable to a denial of service, caused by an incomplete fix related to the cdf_read_property_info() function. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/95408_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95408>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM Security Guardium V10.0, 10.0.1, 10.1, 10.1.2, 10.1.3\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM Security Guardium| 10.0-10.1.3| [www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=Linux&function=fixId&fixids=SqlGuard_10.0p400_GPU_Dec-2017-V10.1.4&includeSupersedes=0&source=fc](<www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=Linux&function=fixId&fixids=SqlGuard_10.0p400_GPU_Dec-2017-V10.1.4&includeSupersedes=0&source=fc>) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n12/19/17: Original Version Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SSMPHH\",\"label\":\"IBM Security Guardium\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"10.0;10.0.1;10.1;10.1.2;10.1.3\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-16T22:03:01", "type": "ibm", "title": "Security Bulletin: IBM Security Guardium is affected by Using Components with Known Vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3538", "CVE-2014-3584", "CVE-2014-3587", "CVE-2014-3710", "CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9620", "CVE-2014-9653", "CVE-2015-0254", "CVE-2015-2575", "CVE-2015-7940", "CVE-2016-0718", "CVE-2016-0772", "CVE-2016-0787", "CVE-2016-1248", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2834", "CVE-2016-5285", "CVE-2016-5408", "CVE-2016-5424", "CVE-2016-5699", "CVE-2016-6302", "CVE-2016-6304", "CVE-2016-6306", "CVE-2016-6313", "CVE-2016-7032", "CVE-2016-7076", "CVE-2016-7117", "CVE-2016-7426", "CVE-2016-7429", "CVE-2016-7433", "CVE-2016-7545", "CVE-2016-8635", "CVE-2016-9147", "CVE-2016-9310", "CVE-2016-9311"], "modified": "2018-06-16T22:03:01", "id": "233226C0332001C81596C237819F64BB35F4B49297346F216B4DC90C72D26485", "href": "https://www.ibm.com/support/pages/node/297165", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:44:33", "description": "SELinux policycoreutils allows local users to execute arbitrary commands\noutside of the sandbox via a crafted TIOCSTI ioctl call.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838599>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[ebarretto](<https://launchpad.net/~ebarretto>) | sandbox executable not packaged in Trusty and Xenial\n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2017-01-19T00:00:00", "type": "ubuntucve", "title": "CVE-2016-7545", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7545"], "modified": "2017-01-19T00:00:00", "id": "UB:CVE-2016-7545", "href": "https://ubuntu.com/security/CVE-2016-7545", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}
[SECURITY] Fedora 25 Update: libselinux-2.5-12.fc25
