14 matches found
EUVD-2007-5470
Malware in sbrugna...
Xxe
The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutput function...
CVE-2016-4445
CVE-2016-4445 affects setroubleshoot: the fix_lookup_id function in sealert before 3.2.23 allows local users to run arbitrary commands as root by triggering an SELinux denial with a crafted filename, using commands.getstatusoutput. Affected: setroubleshoot prior to 3.2.23. Mitigation: upgrade to ...
CVE-2016-4445
The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutput function...
setroubleshoot: insecure use of commands.getstatusoutput in sealert
A shell command injection flaw was found in the way setroubleshoot executed external commands. A local attacker able to trigger certain SELinux denials could use this flaw to execute arbitrary code with root privileges...
setroubleshoot: insecure use of commands.getstatusoutput in sealert
A shell command injection flaw was found in the way setroubleshoot executed external commands. A local attacker able to trigger certain SELinux denials could use this flaw to execute arbitrary code with root privileges...
Arbitrary file deletion
sealert in setroubleshoot 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the sealert.log temporary file...
CVE-2007-5495
sealert in setroubleshoot 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the sealert.log temporary file...
CVE-2007-5496
Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allows local users to inject arbitrary web script or HTML via a crafted (1) file or (2) process name, which triggers an Access Vector Cache (AVC) log entry in a log file used during composition of HTML documents for sealert...
CVE-2007-5496
CVE-2007-5496 is a cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5. An unescaped HTML/JS path could be triggered by a crafted (1) file or (2) process name, causing an AVC log entry to be inserted into the HTML document composition for sealert. Public disclosures reference the issue...
CVE-2007-5495
sealert in setroubleshoot 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the sealert.log temporary file...
CVE-2007-5495
The CVE-2007-5495 issue affects setroubleshoot’s sealert (notably version 2.0.5) where a local unprivileged user can cause arbitrary file writes by exploiting a symlink to sealert.log. Multiple connected advisories/documentation confirm the flaw: a local symlink attack to the temporary sealert.lo...
setroubleshoot log injection
Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allows local users to inject arbitrary web script or HTML via a crafted (1) file or (2) process name, which triggers an Access Vector Cache (AVC) log entry in a log file used during composition of HTML documents for sealert...
setroubleshoot insecure logging
sealert in setroubleshoot 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the sealert.log temporary file...