setroubleshoot: command injection issues

🗓️ 23 Jun 2016 08:52:54Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 3 Views

setroubleshoot command injection flaws allow local attackers to run root code by triggering denials.

Reporter	Title	Published	Views	Family All 38
Tenable Nessus	CentOS 6 : setroubleshoot / setroubleshoot-plugins (CESA-2016:1267)	22 Jun 201600:00	–	nessus
Tenable Nessus	CentOS 7 : setroubleshoot / setroubleshoot-plugins (CESA-2016:1293)	24 Jun 201600:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP1 : setroubleshoot, setroubleshoot-plugins (EulerOS-SA-2016-1033)	1 May 201700:00	–	nessus
Tenable Nessus	MiracleLinux 4 : setroubleshoot-plugins-3.0.40-3.1.0.1.AXS4, setroubleshoot-3.0.47-12.0.1.AXS4 (AXSA:2016-543:01)	16 Jan 202600:00	–	nessus
Tenable Nessus	MiracleLinux 7 : setroubleshoot-plugins-3.0.59-2.0.1.el7.AXS7, setroubleshoot-3.2.24-4.0.1.el7.AXS7 (AXSA:2016-547:01)	16 Jan 202600:00	–	nessus
Tenable Nessus	Oracle Linux 6 : setroubleshoot / and / setroubleshoot-plugins (ELSA-2016-1267)	22 Jun 201600:00	–	nessus
Tenable Nessus	Oracle Linux 7 : setroubleshoot / and / setroubleshoot-plugins (ELSA-2016-1293)	24 Jun 201600:00	–	nessus
Tenable Nessus	RHEL 6 : setroubleshoot and setroubleshoot-plugins (RHSA-2016:1267)	22 Jun 201600:00	–	nessus
Tenable Nessus	RHEL 7 : setroubleshoot and setroubleshoot-plugins (RHSA-2016:1293)	24 Jun 201600:00	–	nessus
Tenable Nessus	Scientific Linux Security Update : setroubleshoot and setroubleshoot-plugins on SL6.x i386/x86_64 (20160621)	24 Jun 201600:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	7	ppc64	setroubleshoot	0:3.2.24-4.el7_2	setroubleshoot-0:3.2.24-4.el7_2.ppc64.rpm
Red Hat Enterprise Linux	7	ppc64le	setroubleshoot	0:3.2.24-4.el7_2	setroubleshoot-0:3.2.24-4.el7_2.ppc64le.rpm
Red Hat Enterprise Linux	7	s390x	setroubleshoot	0:3.2.24-4.el7_2	setroubleshoot-0:3.2.24-4.el7_2.s390x.rpm
Red Hat Enterprise Linux	7	x86_64	setroubleshoot	0:3.2.24-4.el7_2	setroubleshoot-0:3.2.24-4.el7_2.x86_64.rpm
Red Hat Enterprise Linux	7	ppc64	setroubleshoot-debuginfo	0:3.2.24-4.el7_2	setroubleshoot-debuginfo-0:3.2.24-4.el7_2.ppc64.rpm
Red Hat Enterprise Linux	7	ppc64le	setroubleshoot-debuginfo	0:3.2.24-4.el7_2	setroubleshoot-debuginfo-0:3.2.24-4.el7_2.ppc64le.rpm
Red Hat Enterprise Linux	7	s390x	setroubleshoot-debuginfo	0:3.2.24-4.el7_2	setroubleshoot-debuginfo-0:3.2.24-4.el7_2.s390x.rpm
Red Hat Enterprise Linux	7	x86_64	setroubleshoot-debuginfo	0:3.2.24-4.el7_2	setroubleshoot-debuginfo-0:3.2.24-4.el7_2.x86_64.rpm
Red Hat Enterprise Linux	7	any	setroubleshoot-plugins	0:3.0.59-2.el7_2.noarch	setroubleshoot-plugins-0:3.0.59-2.el7_2.noarch.noarch.rpm
Red Hat Enterprise Linux	7	ppc64	setroubleshoot-server	0:3.2.24-4.el7_2	setroubleshoot-server-0:3.2.24-4.el7_2.ppc64.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2016-4989
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2016-4989
cve	www.cve.org/CVERecord

13 May 2026 01:52Current

7.5High risk

Vulners AI Score7.5

CVSS 26.9

CVSS 37

EPSS0.00049

setroubleshoot command injection local attacker root code denials