EUVD-2016-5435

Malware in sbrugna...

EUVD-2016-5433

Malware in sbrugna...

SUSE CVE-2016-4446

The allowexecstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function...

Red Hat Enterprise Linux setroubleshoot allow_execmod plugin shell command injection vulnerability

Red Hat Enterprise Linux RHEL is a Linux operating system maintained and distributed by Red Hat for business users. setroubleshoot is one of the troubleshooting tools. A shell command injection vulnerability exists in the allowexecmod plugin in RHEL's setroubleshoot. A local attacker could exploi...

setroubleshoot-plugins: insecure commands.getoutput use in the allow_execstack plugin

A shell command injection flaw was found in the way the setroubleshoot allowexecstack plugin executed external commands. A local attacker able to trigger an execstack SELinux denial could use this flaw to execute arbitrary code with root privileges...

setroubleshoot-plugins: insecure commands.getstatusoutput use in the allow_execmod plugin

A shell command injection flaw was found in the way the setroubleshoot allowexecmod plugin executed external commands. A local attacker able to trigger an execmod SELinux denial could use this flaw to execute arbitrary code with root privileges...

CVE-2016-4444

A shell command injection flaw was found in the way the setroubleshoot allowexecmod plugin executed external commands. A local attacker able to trigger an execmod SELinux denial could use this flaw to execute arbitrary code with root privileges...