ID RHSA-2017:0535 Type redhat Reporter RedHat Modified 2017-08-28T06:44:18
Description
The policycoreutils packages contain the core policy utilities required to manage a SELinux environment.
Security Fix(es):
It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox. (CVE-2016-7545)
{"cve": [{"lastseen": "2020-10-03T12:10:50", "description": "SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.", "edition": 3, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2017-01-19T20:59:00", "title": "CVE-2016-7545", "type": "cve", "cwe": ["CWE-284"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7545"], "modified": "2018-01-05T02:31:00", "cpe": ["cpe:/a:selinux_project:selinux:-", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:fedoraproject:fedora:25", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/o:redhat:enterprise_linux_server_tus:7.3", "cpe:/o:redhat:enterprise_linux_hpc_node:6.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server:6.0"], "id": "CVE-2016-7545", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7545", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:selinux_project:selinux:-:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2017-09-14T01:58:07", "bulletinFamily": "software", "cvelist": ["CVE-2016-7545"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP AAM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 | Not vulnerable | None \nBIG-IP AFM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 | Not vulnerable | None \nBIG-IP Analytics | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP APM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP ASM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP DNS | None | 13.0.0 \n12.0.0 - 12.1.2 | Not vulnerable | None \nBIG-IP Edge Gateway | None | 11.2.1 | Not vulnerable | None \nBIG-IP GTM | None | 11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP Link Controller | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP PEM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 | Not vulnerable | None \nBIG-IP PSM | None | 11.4.1 | Not vulnerable | None \nBIG-IP WebAccelerator | None | 11.2.1 | Not vulnerable | None \nBIG-IP WebSafe | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 | Not vulnerable | None \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | None | 3.1.1 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nBIG-IQ Centralized Management | None | 5.0.0 - 5.3.0 \n4.6.0 | Not vulnerable | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None \nF5 iWorkflow | None | 2.0.0 - 2.3.0 | Not vulnerable | None \nLineRate | None | 2.5.0 - 2.6.2 | Not vulnerable | None \nTraffix SDC | None | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | Not vulnerable | None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "edition": 1, "modified": "2017-09-14T01:10:00", "published": "2017-09-14T01:10:00", "href": "https://support.f5.com/csp/article/K53411527", "id": "F5:K53411527", "title": "SELinux policycoreutils vulnerability CVE-2016-7545", "type": "f5", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "amazon": [{"lastseen": "2020-11-10T12:36:32", "bulletinFamily": "unix", "cvelist": ["CVE-2016-7545"], "description": "**Issue Overview:**\n\nIt was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent bash, escaping the sandbox.\n\n \n**Affected Packages:** \n\n\npolicycoreutils\n\n \n**Issue Correction:** \nRun _yum update policycoreutils_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n policycoreutils-debuginfo-2.1.12-5.25.amzn1.i686 \n policycoreutils-restorecond-2.1.12-5.25.amzn1.i686 \n policycoreutils-2.1.12-5.25.amzn1.i686 \n policycoreutils-newrole-2.1.12-5.25.amzn1.i686 \n policycoreutils-python-2.1.12-5.25.amzn1.i686 \n \n src: \n policycoreutils-2.1.12-5.25.amzn1.src \n \n x86_64: \n policycoreutils-python-2.1.12-5.25.amzn1.x86_64 \n policycoreutils-restorecond-2.1.12-5.25.amzn1.x86_64 \n policycoreutils-debuginfo-2.1.12-5.25.amzn1.x86_64 \n policycoreutils-newrole-2.1.12-5.25.amzn1.x86_64 \n policycoreutils-2.1.12-5.25.amzn1.x86_64 \n \n \n", "edition": 3, "modified": "2016-11-10T18:00:00", "published": "2016-11-10T18:00:00", "id": "ALAS-2016-765", "href": "https://alas.aws.amazon.com/ALAS-2016-765.html", "title": "Important: policycoreutils", "type": "amazon", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:35:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7545"], "description": "Check for the Version of policycoreutils", "modified": "2019-03-08T00:00:00", "published": "2016-11-20T00:00:00", "id": "OPENVAS:1361412562310882599", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882599", "type": "openvas", "title": "CentOS Update for policycoreutils CESA-2016:2702 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for policycoreutils CESA-2016:2702 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882599\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-20 05:37:33 +0100 (Sun, 20 Nov 2016)\");\n script_cve_id(\"CVE-2016-7545\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for policycoreutils CESA-2016:2702 centos6\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The policycoreutils packages contain the\ncore policy utilities required to manage a SELinux environment.\n\nSecurity Fix(es):\n\n * It was found that the sandbox tool provided in policycoreutils was\nvulnerable to a TIOCSTI ioctl attack. A specially crafted program executed\nvia the sandbox command could use this flaw to execute arbitrary commands\nin the context of the parent shell, escaping the sandbox. (CVE-2016-7545)\");\n script_tag(name:\"affected\", value:\"policycoreutils on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:2702\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-November/022147.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of policycoreutils\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"policycoreutils\", rpm:\"policycoreutils~2.0.83~30.1.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"policycoreutils-gui\", rpm:\"policycoreutils-gui~2.0.83~30.1.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"policycoreutils-newrole\", rpm:\"policycoreutils-newrole~2.0.83~30.1.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"policycoreutils-python\", rpm:\"policycoreutils-python~2.0.83~30.1.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"policycoreutils-sandbox\", rpm:\"policycoreutils-sandbox~2.0.83~30.1.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7545"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-12-07T00:00:00", "id": "OPENVAS:1361412562310872024", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872024", "type": "openvas", "title": "Fedora Update for secilc FEDORA-2016-b7e8e980ef", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for secilc FEDORA-2016-b7e8e980ef\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872024\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:24:34 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-7545\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for secilc FEDORA-2016-b7e8e980ef\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'secilc'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"secilc on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-b7e8e980ef\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5QYMLVEVLYDJO3M2E24XWRGNI5OVFIO\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"secilc\", rpm:\"secilc~2.5~6.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7545"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2016-11-15T00:00:00", "id": "OPENVAS:1361412562310871715", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871715", "type": "openvas", "title": "RedHat Update for policycoreutils RHSA-2016:2702-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for policycoreutils RHSA-2016:2702-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871715\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-15 05:40:40 +0100 (Tue, 15 Nov 2016)\");\n script_cve_id(\"CVE-2016-7545\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for policycoreutils RHSA-2016:2702-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'policycoreutils'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The policycoreutils packages contain the core policy utilities required to\nmanage a SELinux environment.\n\nSecurity Fix(es):\n\n * It was found that the sandbox tool provided in policycoreutils was\nvulnerable to a TIOCSTI ioctl attack. A specially crafted program executed\nvia the sandbox command could use this flaw to execute arbitrary commands\nin the context of the parent shell, escaping the sandbox. (CVE-2016-7545)\");\n script_tag(name:\"affected\", value:\"policycoreutils on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:2702-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-November/msg00062.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"policycoreutils\", rpm:\"policycoreutils~2.5~9.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"policycoreutils-debuginfo\", rpm:\"policycoreutils-debuginfo~2.5~9.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"policycoreutils-devel\", rpm:\"policycoreutils-devel~2.5~9.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"policycoreutils-gui\", rpm:\"policycoreutils-gui~2.5~9.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"policycoreutils-newrole\", rpm:\"policycoreutils-newrole~2.5~9.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"policycoreutils-python\", rpm:\"policycoreutils-python~2.5~9.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"policycoreutils-sandbox\", rpm:\"policycoreutils-sandbox~2.5~9.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"policycoreutils\", rpm:\"policycoreutils~2.0.83~30.1.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"policycoreutils-debuginfo\", rpm:\"policycoreutils-debuginfo~2.0.83~30.1.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"policycoreutils-gui\", rpm:\"policycoreutils-gui~2.0.83~30.1.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"policycoreutils-newrole\", rpm:\"policycoreutils-newrole~2.0.83~30.1.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"policycoreutils-python\", rpm:\"policycoreutils-python~2.0.83~30.1.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"policycoreutils-sandbox\", rpm:\"policycoreutils-sandbox~2.0.83~30.1.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7545"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-12-07T00:00:00", "id": "OPENVAS:1361412562310872007", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872007", "type": "openvas", "title": "Fedora Update for policycoreutils FEDORA-2016-b7e8e980ef", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for policycoreutils FEDORA-2016-b7e8e980ef\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872007\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:23:59 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-7545\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for policycoreutils FEDORA-2016-b7e8e980ef\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'policycoreutils'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"policycoreutils on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-b7e8e980ef\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPRNK3PWMAVNJZ53YW5GOEOGJSFNAQIF\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"policycoreutils\", rpm:\"policycoreutils~2.5~17.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7545"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-12-07T00:00:00", "id": "OPENVAS:1361412562310871986", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871986", "type": "openvas", "title": "Fedora Update for libsepol FEDORA-2016-b7e8e980ef", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libsepol FEDORA-2016-b7e8e980ef\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871986\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:22:32 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-7545\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libsepol FEDORA-2016-b7e8e980ef\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libsepol'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libsepol on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-b7e8e980ef\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DETSAI3UUYN7GVNEMXKT62Y4ZBDJ7CS3\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsepol\", rpm:\"libsepol~2.5~10.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7545"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-12-07T00:00:00", "id": "OPENVAS:1361412562310871999", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871999", "type": "openvas", "title": "Fedora Update for checkpolicy FEDORA-2016-b7e8e980ef", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for checkpolicy FEDORA-2016-b7e8e980ef\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871999\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:23:51 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-7545\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for checkpolicy FEDORA-2016-b7e8e980ef\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'checkpolicy'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"checkpolicy on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-b7e8e980ef\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FIYRSFO6CUD5UXJ5T4YFRP3HB7DRTI5\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"checkpolicy\", rpm:\"checkpolicy~2.5~8.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7545"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-12-07T00:00:00", "id": "OPENVAS:1361412562310871970", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871970", "type": "openvas", "title": "Fedora Update for libselinux FEDORA-2016-b7e8e980ef", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libselinux FEDORA-2016-b7e8e980ef\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871970\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:22:05 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-7545\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libselinux FEDORA-2016-b7e8e980ef\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libselinux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libselinux on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-b7e8e980ef\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKN7AFZFPXKRYFUHD67AGQT5JP5GREBF\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"libselinux\", rpm:\"libselinux~2.5~12.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7545"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-12-07T00:00:00", "id": "OPENVAS:1361412562310872051", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872051", "type": "openvas", "title": "Fedora Update for libsemanage FEDORA-2016-b7e8e980ef", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libsemanage FEDORA-2016-b7e8e980ef\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872051\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:25:40 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-7545\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libsemanage FEDORA-2016-b7e8e980ef\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libsemanage'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libsemanage on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-b7e8e980ef\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3G6PYHTN5UTOVK2QL2PXRKLUVIN22S\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsemanage\", rpm:\"libsemanage~2.5~8.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:35:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7545"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220161083", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220161083", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for policycoreutils (EulerOS-SA-2016-1083)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2016.1083\");\n script_version(\"2020-01-23T10:42:26+0000\");\n script_cve_id(\"CVE-2016-7545\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:42:26 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:42:26 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for policycoreutils (EulerOS-SA-2016-1083)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2016-1083\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1083\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'policycoreutils' package(s) announced via the EulerOS-SA-2016-1083 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox. (CVE-2016-7545)\");\n\n script_tag(name:\"affected\", value:\"'policycoreutils' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"policycoreutils\", rpm:\"policycoreutils~2.2.5~15.h1\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"policycoreutils-devel\", rpm:\"policycoreutils-devel~2.2.5~15.h1\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"policycoreutils-gui\", rpm:\"policycoreutils-gui~2.2.5~15.h1\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"policycoreutils-newrole\", rpm:\"policycoreutils-newrole~2.2.5~15.h1\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"policycoreutils-python\", rpm:\"policycoreutils-python~2.2.5~15.h1\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"policycoreutils-sandbox\", rpm:\"policycoreutils-sandbox~2.2.5~15.h1\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:47:07", "bulletinFamily": "unix", "cvelist": ["CVE-2016-7545"], "description": "The policycoreutils packages contain the core policy utilities required to manage a SELinux environment.\n\nSecurity Fix(es):\n\n* It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox. (CVE-2016-7545)", "modified": "2018-06-06T20:24:33", "published": "2016-11-14T15:43:01", "id": "RHSA-2016:2702", "href": "https://access.redhat.com/errata/RHSA-2016:2702", "type": "redhat", "title": "(RHSA-2016:2702) Important: policycoreutils security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:46", "bulletinFamily": "unix", "cvelist": ["CVE-2016-7545"], "description": "The policycoreutils packages contain the core policy utilities required to manage a SELinux environment.\n\nSecurity Fix(es):\n\n* It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox. (CVE-2016-7545)", "modified": "2017-03-15T17:40:50", "published": "2017-03-15T17:36:15", "id": "RHSA-2017:0536", "href": "https://access.redhat.com/errata/RHSA-2017:0536", "type": "redhat", "title": "(RHSA-2017:0536) Important: policycoreutils security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-7545"], "description": "Security-enhanced Linux is a feature of the Linux=EF=BF=BD=EF=BF=BD kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve the security of the Flask operating system. These architectural components provide general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement=EF=BF=BD=EF=BF=BD, Role-based Acc ess Control, and Multi-level Security. libselinux provides an API for SELinux applications to get and set process and file security contexts and to obtain security policy decisions. Required for any applications that use the SELinux API. ", "modified": "2016-10-10T18:06:51", "published": "2016-10-10T18:06:51", "id": "FEDORA:3F9E9608EE40", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: libselinux-2.5-12.fc25", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-7545"], "description": "The SELinux CIL Compiler is a compiler that converts the CIL language as described on the CIL design wiki into a kernel binary policy file. Please see the CIL Design Wiki at: http://github.com/SELinuxProject/cil/wiki/ for more information about the goals and features on the CIL language. ", "modified": "2016-10-10T18:06:51", "published": "2016-10-10T18:06:51", "id": "FEDORA:10B49608B7EB", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: secilc-2.5-6.fc25", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-7545"], "description": "Security-enhanced Linux is a feature of the Linux=EF=BF=BD=EF=BF=BD kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve the security of the Flask operating system. These architectural components provide general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement=EF=BF=BD=EF=BF=BD, Role-based Acc ess Control, and Multi-level Security. This package contains checkpolicy, the SELinux policy compiler. Only required for building policies. ", "modified": "2016-10-10T18:06:51", "published": "2016-10-10T18:06:51", "id": "FEDORA:1B50B608EC12", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: checkpolicy-2.5-8.fc25", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-7545"], "description": "Security-enhanced Linux is a feature of the Linux=EF=BF=BD=EF=BF=BD kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve the security of the Flask operating system. These architectural components provide general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement=EF=BF=BD=EF=BF=BD, Role-based Acc ess Control, and Multi-level Security. libsepol provides an API for the manipulation of SELinux binary policies. It is used by checkpolicy (the policy compiler) and similar tools, as well as by programs like load_policy that need to perform specific transformatio ns on binary policies such as customizing policy boolean settings. ", "modified": "2016-10-10T18:06:51", "published": "2016-10-10T18:06:51", "id": "FEDORA:4EAA8608EE4B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: libsepol-2.5-10.fc25", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-7545"], "description": "Security-enhanced Linux is a feature of the Linux=EF=BF=BD=EF=BF=BD kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve the security of the Flask operating system. These architectural components provide general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement=EF=BF=BD=EF=BF=BD, Role-based Acc ess Control, and Multi-level Security. libsemanage provides an API for the manipulation of SELinux binary policies. It is used by checkpolicy (the policy compiler) and similar tools, as well as by programs like load_policy that need to perform specific transformatio ns on binary policies such as customizing policy boolean settings. ", "modified": "2016-10-10T18:06:51", "published": "2016-10-10T18:06:51", "id": "FEDORA:273E0608EC33", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: libsemanage-2.5-8.fc25", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-7545"], "description": "Security-enhanced Linux is a feature of the Linux=EF=BF=BD=EF=BF=BD kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve the security of the Flask operating system. These architectural components provide general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement=EF=BF=BD=EF=BF=BD, Role-based Acc ess Control, and Multi-level Security. policycoreutils contains the policy core utilities that are required for basic operation of a SELinux system. These utilities include load_policy to load policies, setfiles to label filesystems, newrole to switch roles. ", "modified": "2016-10-10T18:06:51", "published": "2016-10-10T18:06:51", "id": "FEDORA:31859608EC38", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: policycoreutils-2.5-17.fc25", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-01T01:19:28", "description": "It was found that the sandbox tool provided in policycoreutils was\nvulnerable to a TIOCSTI ioctl attack. A specially crafted program\nexecuted via the sandbox command could use this flaw to execute\narbitrary commands in the context of the parent bash, escaping the\nsandbox.", "edition": 25, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2016-11-11T00:00:00", "title": "Amazon Linux AMI : policycoreutils (ALAS-2016-765)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7545"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:policycoreutils-python", "p-cpe:/a:amazon:linux:policycoreutils-debuginfo", "p-cpe:/a:amazon:linux:policycoreutils-restorecond", "p-cpe:/a:amazon:linux:policycoreutils", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:policycoreutils-newrole"], "id": "ALA_ALAS-2016-765.NASL", "href": "https://www.tenable.com/plugins/nessus/94685", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-765.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94685);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2016-7545\");\n script_xref(name:\"ALAS\", value:\"2016-765\");\n\n script_name(english:\"Amazon Linux AMI : policycoreutils (ALAS-2016-765)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that the sandbox tool provided in policycoreutils was\nvulnerable to a TIOCSTI ioctl attack. A specially crafted program\nexecuted via the sandbox command could use this flaw to execute\narbitrary commands in the context of the parent bash, escaping the\nsandbox.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-765.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update policycoreutils' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:policycoreutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:policycoreutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:policycoreutils-newrole\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:policycoreutils-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:policycoreutils-restorecond\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"policycoreutils-2.1.12-5.25.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"policycoreutils-debuginfo-2.1.12-5.25.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"policycoreutils-newrole-2.1.12-5.25.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"policycoreutils-python-2.1.12-5.25.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"policycoreutils-restorecond-2.1.12-5.25.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"policycoreutils / policycoreutils-debuginfo / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:07:15", "description": "An update for policycoreutils is now available for Red Hat Enterprise\nLinux 7.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe policycoreutils packages contain the core policy utilities\nrequired to manage a SELinux environment.\n\nSecurity Fix(es) :\n\n* It was found that the sandbox tool provided in policycoreutils was\nvulnerable to a TIOCSTI ioctl attack. A specially crafted program\nexecuted via the sandbox command could use this flaw to execute\narbitrary commands in the context of the parent shell, escaping the\nsandbox. (CVE-2016-7545)", "edition": 27, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-03-16T00:00:00", "title": "RHEL 7 : policycoreutils (RHSA-2017:0535)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7545"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:policycoreutils", "p-cpe:/a:redhat:enterprise_linux:policycoreutils-sandbox", "p-cpe:/a:redhat:enterprise_linux:policycoreutils-python", "p-cpe:/a:redhat:enterprise_linux:policycoreutils-newrole", "p-cpe:/a:redhat:enterprise_linux:policycoreutils-devel", "p-cpe:/a:redhat:enterprise_linux:policycoreutils-debuginfo", "cpe:/o:redhat:enterprise_linux:7.2", "p-cpe:/a:redhat:enterprise_linux:policycoreutils-restorecond", "p-cpe:/a:redhat:enterprise_linux:policycoreutils-gui"], "id": "REDHAT-RHSA-2017-0535.NASL", "href": "https://www.tenable.com/plugins/nessus/97768", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0535. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97768);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2016-7545\");\n script_xref(name:\"RHSA\", value:\"2017:0535\");\n\n script_name(english:\"RHEL 7 : policycoreutils (RHSA-2017:0535)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for policycoreutils is now available for Red Hat Enterprise\nLinux 7.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe policycoreutils packages contain the core policy utilities\nrequired to manage a SELinux environment.\n\nSecurity Fix(es) :\n\n* It was found that the sandbox tool provided in policycoreutils was\nvulnerable to a TIOCSTI ioctl attack. A specially crafted program\nexecuted via the sandbox command could use this flaw to execute\narbitrary commands in the context of the parent shell, escaping the\nsandbox. (CVE-2016-7545)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:0535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-7545\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils-newrole\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils-restorecond\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils-sandbox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7\\.2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.2\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:0535\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"s390x\", reference:\"policycoreutils-2.2.5-21.el7_2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"policycoreutils-2.2.5-21.el7_2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", reference:\"policycoreutils-debuginfo-2.2.5-21.el7_2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", reference:\"policycoreutils-devel-2.2.5-21.el7_2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"s390x\", reference:\"policycoreutils-gui-2.2.5-21.el7_2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"policycoreutils-gui-2.2.5-21.el7_2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"s390x\", reference:\"policycoreutils-newrole-2.2.5-21.el7_2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"policycoreutils-newrole-2.2.5-21.el7_2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"s390x\", reference:\"policycoreutils-python-2.2.5-21.el7_2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"policycoreutils-python-2.2.5-21.el7_2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"s390x\", reference:\"policycoreutils-restorecond-2.2.5-21.el7_2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"policycoreutils-restorecond-2.2.5-21.el7_2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"s390x\", reference:\"policycoreutils-sandbox-2.2.5-21.el7_2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"policycoreutils-sandbox-2.2.5-21.el7_2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"policycoreutils / policycoreutils-debuginfo / policycoreutils-devel / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:14:43", "description": "This update backports several fixes from upstream and also fixes\nsandbox issues including CVE-2016-7545\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 19, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2016-11-15T00:00:00", "title": "Fedora 25 : checkpolicy / libselinux / libsemanage / libsepol / policycoreutils / etc (2016-b7e8e980ef)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7545"], "modified": "2016-11-15T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:secilc", "p-cpe:/a:fedoraproject:fedora:checkpolicy", "cpe:/o:fedoraproject:fedora:25", "p-cpe:/a:fedoraproject:fedora:libsemanage", "p-cpe:/a:fedoraproject:fedora:libsepol", "p-cpe:/a:fedoraproject:fedora:libselinux", "p-cpe:/a:fedoraproject:fedora:policycoreutils"], "id": "FEDORA_2016-B7E8E980EF.NASL", "href": "https://www.tenable.com/plugins/nessus/94854", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-b7e8e980ef.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94854);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7545\");\n script_xref(name:\"FEDORA\", value:\"2016-b7e8e980ef\");\n\n script_name(english:\"Fedora 25 : checkpolicy / libselinux / libsemanage / libsepol / policycoreutils / etc (2016-b7e8e980ef)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update backports several fixes from upstream and also fixes\nsandbox issues including CVE-2016-7545\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-b7e8e980ef\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:checkpolicy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libselinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libsemanage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libsepol\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:policycoreutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:secilc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"checkpolicy-2.5-8.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"libselinux-2.5-12.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"libsemanage-2.5-8.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"libsepol-2.5-10.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"policycoreutils-2.5-17.fc25\")) flag++;\nif (rpm_check(release:\"FC25\", reference:\"secilc-2.5-6.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"checkpolicy / libselinux / libsemanage / libsepol / policycoreutils / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:43:59", "description": "It was discovered that there was a sandbox escape via the 'TIOCSTI'\nioctl in policycoreutils, a set of programs required for the basic\noperation of an SELinux-based system.\n\nFor Debian 7 'Wheezy', this issue has been fixed in policycoreutils\nversion 2.1.10-9+deb7u1.\n\nWe recommend that you upgrade your policycoreutils packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 18, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2016-09-26T00:00:00", "title": "Debian DLA-638-1 : policycoreutils security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7545"], "modified": "2016-09-26T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:policycoreutils", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-638.NASL", "href": "https://www.tenable.com/plugins/nessus/93691", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-638-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93691);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-7545\");\n\n script_name(english:\"Debian DLA-638-1 : policycoreutils security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that there was a sandbox escape via the 'TIOCSTI'\nioctl in policycoreutils, a set of programs required for the basic\noperation of an SELinux-based system.\n\nFor Debian 7 'Wheezy', this issue has been fixed in policycoreutils\nversion 2.1.10-9+deb7u1.\n\nWe recommend that you upgrade your policycoreutils packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/09/msg00030.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/policycoreutils\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected policycoreutils package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:policycoreutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"policycoreutils\", reference:\"2.1.10-9+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:06:54", "description": "An update for policycoreutils is now available for Red Hat Enterprise\nLinux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe policycoreutils packages contain the core policy utilities\nrequired to manage a SELinux environment.\n\nSecurity Fix(es) :\n\n* It was found that the sandbox tool provided in policycoreutils was\nvulnerable to a TIOCSTI ioctl attack. A specially crafted program\nexecuted via the sandbox command could use this flaw to execute\narbitrary commands in the context of the parent shell, escaping the\nsandbox. (CVE-2016-7545)", "edition": 30, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2016-11-15T00:00:00", "title": "RHEL 6 / 7 : policycoreutils (RHSA-2016:2702)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7545"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:policycoreutils", "cpe:/o:redhat:enterprise_linux:7.4", "p-cpe:/a:redhat:enterprise_linux:policycoreutils-sandbox", "p-cpe:/a:redhat:enterprise_linux:policycoreutils-python", "p-cpe:/a:redhat:enterprise_linux:policycoreutils-newrole", "cpe:/o:redhat:enterprise_linux:7.7", "p-cpe:/a:redhat:enterprise_linux:policycoreutils-devel", "p-cpe:/a:redhat:enterprise_linux:policycoreutils-debuginfo", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:policycoreutils-restorecond", "p-cpe:/a:redhat:enterprise_linux:policycoreutils-gui", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2016-2702.NASL", "href": "https://www.tenable.com/plugins/nessus/94896", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2702. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94896);\n script_version(\"2.12\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2016-7545\");\n script_xref(name:\"RHSA\", value:\"2016:2702\");\n\n script_name(english:\"RHEL 6 / 7 : policycoreutils (RHSA-2016:2702)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for policycoreutils is now available for Red Hat Enterprise\nLinux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe policycoreutils packages contain the core policy utilities\nrequired to manage a SELinux environment.\n\nSecurity Fix(es) :\n\n* It was found that the sandbox tool provided in policycoreutils was\nvulnerable to a TIOCSTI ioctl attack. A specially crafted program\nexecuted via the sandbox command could use this flaw to execute\narbitrary commands in the context of the parent shell, escaping the\nsandbox. (CVE-2016-7545)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:2702\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-7545\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils-newrole\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils-restorecond\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:policycoreutils-sandbox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:2702\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"policycoreutils-2.0.83-30.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"policycoreutils-2.0.83-30.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"policycoreutils-2.0.83-30.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"policycoreutils-debuginfo-2.0.83-30.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"policycoreutils-debuginfo-2.0.83-30.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"policycoreutils-debuginfo-2.0.83-30.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"policycoreutils-gui-2.0.83-30.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"policycoreutils-gui-2.0.83-30.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"policycoreutils-gui-2.0.83-30.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"policycoreutils-newrole-2.0.83-30.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"policycoreutils-newrole-2.0.83-30.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"policycoreutils-newrole-2.0.83-30.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"policycoreutils-python-2.0.83-30.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"policycoreutils-python-2.0.83-30.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"policycoreutils-python-2.0.83-30.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"policycoreutils-sandbox-2.0.83-30.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"policycoreutils-sandbox-2.0.83-30.1.el6_8\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"policycoreutils-sandbox-2.0.83-30.1.el6_8\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"policycoreutils-2.5-9.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"policycoreutils-2.5-9.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"policycoreutils-debuginfo-2.5-9.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"policycoreutils-devel-2.5-9.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"policycoreutils-gui-2.5-9.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"policycoreutils-gui-2.5-9.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"policycoreutils-newrole-2.5-9.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"policycoreutils-newrole-2.5-9.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"policycoreutils-python-2.5-9.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"policycoreutils-python-2.5-9.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"policycoreutils-restorecond-2.5-9.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"policycoreutils-restorecond-2.5-9.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"policycoreutils-sandbox-2.5-9.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"policycoreutils-sandbox-2.5-9.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"policycoreutils / policycoreutils-debuginfo / policycoreutils-devel / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:50:53", "description": "From Red Hat Security Advisory 2016:2702 :\n\nAn update for policycoreutils is now available for Red Hat Enterprise\nLinux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe policycoreutils packages contain the core policy utilities\nrequired to manage a SELinux environment.\n\nSecurity Fix(es) :\n\n* It was found that the sandbox tool provided in policycoreutils was\nvulnerable to a TIOCSTI ioctl attack. A specially crafted program\nexecuted via the sandbox command could use this flaw to execute\narbitrary commands in the context of the parent shell, escaping the\nsandbox. (CVE-2016-7545)", "edition": 27, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2016-11-15T00:00:00", "title": "Oracle Linux 6 / 7 : policycoreutils (ELSA-2016-2702)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7545"], "modified": "2016-11-15T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:policycoreutils-restorecond", "p-cpe:/a:oracle:linux:policycoreutils-devel", "p-cpe:/a:oracle:linux:policycoreutils-sandbox", "p-cpe:/a:oracle:linux:policycoreutils", "p-cpe:/a:oracle:linux:policycoreutils-gui", "p-cpe:/a:oracle:linux:policycoreutils-newrole", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:policycoreutils-python"], "id": "ORACLELINUX_ELSA-2016-2702.NASL", "href": "https://www.tenable.com/plugins/nessus/94895", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:2702 and \n# Oracle Linux Security Advisory ELSA-2016-2702 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94895);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-7545\");\n script_xref(name:\"RHSA\", value:\"2016:2702\");\n\n script_name(english:\"Oracle Linux 6 / 7 : policycoreutils (ELSA-2016-2702)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:2702 :\n\nAn update for policycoreutils is now available for Red Hat Enterprise\nLinux 6 and Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe policycoreutils packages contain the core policy utilities\nrequired to manage a SELinux environment.\n\nSecurity Fix(es) :\n\n* It was found that the sandbox tool provided in policycoreutils was\nvulnerable to a TIOCSTI ioctl attack. A specially crafted program\nexecuted via the sandbox command could use this flaw to execute\narbitrary commands in the context of the parent shell, escaping the\nsandbox. (CVE-2016-7545)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-November/006507.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-November/006508.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected policycoreutils packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:policycoreutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:policycoreutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:policycoreutils-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:policycoreutils-newrole\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:policycoreutils-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:policycoreutils-restorecond\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:policycoreutils-sandbox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"policycoreutils-2.0.83-30.1.0.1.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"policycoreutils-gui-2.0.83-30.1.0.1.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"policycoreutils-newrole-2.0.83-30.1.0.1.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"policycoreutils-python-2.0.83-30.1.0.1.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"policycoreutils-sandbox-2.0.83-30.1.0.1.el6_8\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"policycoreutils-2.5-9.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"policycoreutils-devel-2.5-9.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"policycoreutils-gui-2.5-9.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"policycoreutils-newrole-2.5-9.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"policycoreutils-python-2.5-9.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"policycoreutils-restorecond-2.5-9.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"policycoreutils-sandbox-2.5-9.0.1.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"policycoreutils / policycoreutils-devel / policycoreutils-gui / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:25:22", "description": "This update for policycoreutils fixes the following issues :\n\n - CVE-2016-7545: nonpriv session can escape to parent\n [bsc#1000998]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-02-01T00:00:00", "title": "SUSE SLES12 Security Update : policycoreutils (SUSE-SU-2017:0340-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7545"], "modified": "2017-02-01T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:policycoreutils-debugsource", "p-cpe:/a:novell:suse_linux:policycoreutils-python-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:policycoreutils-python", "p-cpe:/a:novell:suse_linux:policycoreutils", "p-cpe:/a:novell:suse_linux:policycoreutils-debuginfo"], "id": "SUSE_SU-2017-0340-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96925", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0340-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96925);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-7545\");\n\n script_name(english:\"SUSE SLES12 Security Update : policycoreutils (SUSE-SU-2017:0340-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for policycoreutils fixes the following issues :\n\n - CVE-2016-7545: nonpriv session can escape to parent\n [bsc#1000998]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7545/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170340-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?410d1872\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2017-173=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:policycoreutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:policycoreutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:policycoreutils-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:policycoreutils-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:policycoreutils-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"policycoreutils-2.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"policycoreutils-debuginfo-2.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"policycoreutils-debugsource-2.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"policycoreutils-python-2.3-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"policycoreutils-python-debuginfo-2.3-3.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"policycoreutils\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:25:22", "description": "This update for policycoreutils fixes the following issues :\n\n - CVE-2016-7545: nonpriv session can escape to parent\n [bsc#1000998]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-02-01T00:00:00", "title": "SUSE SLES12 Security Update : policycoreutils (SUSE-SU-2017:0338-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7545"], "modified": "2017-02-01T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:policycoreutils-debugsource", "p-cpe:/a:novell:suse_linux:policycoreutils-python-debuginfo", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:policycoreutils-python", "p-cpe:/a:novell:suse_linux:policycoreutils", "p-cpe:/a:novell:suse_linux:policycoreutils-debuginfo"], "id": "SUSE_SU-2017-0338-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96923", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0338-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96923);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-7545\");\n\n script_name(english:\"SUSE SLES12 Security Update : policycoreutils (SUSE-SU-2017:0338-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for policycoreutils fixes the following issues :\n\n - CVE-2016-7545: nonpriv session can escape to parent\n [bsc#1000998]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7545/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170338-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ee0a1ad6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-172=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-172=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:policycoreutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:policycoreutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:policycoreutils-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:policycoreutils-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:policycoreutils-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"policycoreutils-2.5-6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"policycoreutils-debuginfo-2.5-6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"policycoreutils-debugsource-2.5-6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"policycoreutils-python-2.5-6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"policycoreutils-python-debuginfo-2.5-6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"policycoreutils\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T13:24:02", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Lazy unmount private, shared entry(Joe Jin)[orabug\n 12560705]\n\n - sandbox: create a new session for sandboxed processes\n Resolves: (CVE-2016-7545)\n\n - Update translations Resolves: rhbz#819794\n\n - Fix sepolgen test cases Resolves: rhbz#1306550\n\n - sandbox: Improve comments in sysconfig file Resolves:\n rhbz#1159336\n\n - secon, newrole: fix inconsistence between --help and man\n page Resolves: rhbz#1278811, rhbz#1278913\n\n - restorecond: treat root as a regular user Resolves:\n rhbz#1281877\n\n - semanage: don't skip reserver_port_t Resolves:\n rhbz#1225806\n\n - semanage: check if a store exists Resolves: rhbz#1208801\n\n - fixfiles: check the SELinux status Resolves:\n rhbz#1240788\n\n - semanage: Use OrderedDict for list of fcontexts\n Resolves: rhbz#1206767", "edition": 29, "cvss3": {"score": 8.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2016-11-16T00:00:00", "title": "OracleVM 3.3 / 3.4 : policycoreutils (OVMSA-2016-0157)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7545"], "modified": "2016-11-16T00:00:00", "cpe": ["cpe:/o:oracle:vm_server:3.4", "cpe:/o:oracle:vm_server:3.3", "p-cpe:/a:oracle:vm:policycoreutils"], "id": "ORACLEVM_OVMSA-2016-0157.NASL", "href": "https://www.tenable.com/plugins/nessus/94909", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2016-0157.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94909);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-7545\");\n\n script_name(english:\"OracleVM 3.3 / 3.4 : policycoreutils (OVMSA-2016-0157)\");\n script_summary(english:\"Checks the RPM output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Lazy unmount private, shared entry(Joe Jin)[orabug\n 12560705]\n\n - sandbox: create a new session for sandboxed processes\n Resolves: (CVE-2016-7545)\n\n - Update translations Resolves: rhbz#819794\n\n - Fix sepolgen test cases Resolves: rhbz#1306550\n\n - sandbox: Improve comments in sysconfig file Resolves:\n rhbz#1159336\n\n - secon, newrole: fix inconsistence between --help and man\n page Resolves: rhbz#1278811, rhbz#1278913\n\n - restorecond: treat root as a regular user Resolves:\n rhbz#1281877\n\n - semanage: don't skip reserver_port_t Resolves:\n rhbz#1225806\n\n - semanage: check if a store exists Resolves: rhbz#1208801\n\n - fixfiles: check the SELinux status Resolves:\n rhbz#1240788\n\n - semanage: Use OrderedDict for list of fcontexts\n Resolves: rhbz#1206767\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2016-November/000581.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d3c3c250\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2016-November/000580.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0ea3d222\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected policycoreutils package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:policycoreutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"(3\\.3|3\\.4)\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3 / 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"policycoreutils-2.0.83-30.1.0.1.el6_8\")) flag++;\n\nif (rpm_check(release:\"OVS3.4\", reference:\"policycoreutils-2.0.83-30.1.0.1.el6_8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"policycoreutils\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:49:28", "description": "Security Fix(es) :\n\n - It was found that the sandbox tool provided in\n policycoreutils was vulnerable to a TIOCSTI ioctl\n attack. A specially crafted program executed via the\n sandbox command could use this flaw to execute arbitrary\n commands in the context of the parent shell, escaping\n the sandbox. (CVE-2016-7545)", "edition": 17, "published": "2016-11-22T00:00:00", "title": "Scientific Linux Security Update : policycoreutils on SL6.x, SL7.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-7545"], "modified": "2016-11-22T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20161114_POLICYCOREUTILS_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/95048", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\nexit(0, \"Temporarily disabled\");\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95048);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-7545\");\n\n script_name(english:\"Scientific Linux Security Update : policycoreutils on SL6.x, SL7.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - It was found that the sandbox tool provided in\n policycoreutils was vulnerable to a TIOCSTI ioctl\n attack. A specially crafted program executed via the\n sandbox command could use this flaw to execute arbitrary\n commands in the context of the parent shell, escaping\n the sandbox. (CVE-2016-7545)\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1611&L=scientific-linux-errata&F=&S=&P=3343\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f6ace62d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"policycoreutils-2.0.83-30.1.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"policycoreutils-debuginfo-2.0.83-30.1.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"policycoreutils-gui-2.0.83-30.1.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"policycoreutils-newrole-2.0.83-30.1.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"policycoreutils-python-2.0.83-30.1.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"policycoreutils-sandbox-2.0.83-30.1.el6_8\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"policycoreutils-2.5-9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"policycoreutils-debuginfo-2.5-9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"policycoreutils-devel-2.5-9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"policycoreutils-gui-2.5-9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"policycoreutils-newrole-2.5-9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"policycoreutils-python-2.5-9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"policycoreutils-restorecond-2.5-9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"policycoreutils-sandbox-2.5-9.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:22:37", "bulletinFamily": "unix", "cvelist": ["CVE-2016-7545"], "description": "Package : policycoreutils\nVersion : 2.1.10-9+deb7u1\nCVE ID : CVE-2016-7545\nDebian Bug : 838599\n\nIt was discovered that there was a sandbox escape via the "TIOCSTI" ioctl in\npolicycoreutils, a set of programs required for the basic operation of an\nSELinux-based system.\n\nFor Debian 7 "Wheezy", this issue has been fixed in policycoreutils version\n2.1.10-9+deb7u1.\n\nWe recommend that you upgrade your policycoreutils packages.\n\n\nRegards,\n\n- -- \n ,''`.\n : :' : Chris Lamb\n `. `'` lamby@debian.org / chris-lamb.co.uk\n `-\n\n", "edition": 2, "modified": "2016-09-25T16:05:39", "published": "2016-09-25T16:05:39", "id": "DEBIAN:DLA-638-1:55A32", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201609/msg00030.html", "title": "[SECURITY] [DLA 638-1] policycoreutils security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:17", "bulletinFamily": "unix", "cvelist": ["CVE-2016-7545"], "description": "[2.0.83-30.1.0.1]\n- Lazy unmount private, shared entry(Joe Jin)[orabug 12560705]\n[2.0.83-30.1]\n- sandbox: create a new session for sandboxed processes\nResolves: CVE-2016-7545", "edition": 4, "modified": "2016-11-14T00:00:00", "published": "2016-11-14T00:00:00", "id": "ELSA-2016-2702", "href": "http://linux.oracle.com/errata/ELSA-2016-2702.html", "title": "policycoreutils security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2020-10-30T13:19:38", "bulletinFamily": "unix", "cvelist": ["CVE-2016-7545"], "description": "**CentOS Errata and Security Advisory** CESA-2016:2702\n\n\nThe policycoreutils packages contain the core policy utilities required to manage a SELinux environment.\n\nSecurity Fix(es):\n\n* It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox. (CVE-2016-7545)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-November/034185.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2016-November/003686.html\n\n**Affected packages:**\npolicycoreutils\npolicycoreutils-devel\npolicycoreutils-gui\npolicycoreutils-newrole\npolicycoreutils-python\npolicycoreutils-restorecond\npolicycoreutils-sandbox\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-2702.html", "edition": 87, "modified": "2016-11-25T16:47:58", "published": "2016-11-19T11:15:32", "href": "http://lists.centos.org/pipermail/centos-announce/2016-November/034185.html", "id": "CESA-2016:2702", "title": "policycoreutils security update", "type": "centos", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}
