CVE-2016-4446

CVE Details

Release Date:2016-06-21

Description


The allow_execstack plugin for setroubleshoot allows local users toexecute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function.

See more information about CVE-2016-4446 from MITRE CVE dictionary and NIST NVD


CVSS v2.0 metrics


NOTE: The following CVSS v2.0 metrics and score provided are preliminary and subject to review.

Base Score: 6.9 Base Metrics: AV:L/AC:M/Au:N/C:C/I:C/A:C
Access Vector: Local network Attack Complexity: Medium
Authentication: None required Confidentiality Impact: Complete
Integrity Impact: Complete Availability Impact: Complete

Errata information


PlatformErrataRelease Date
Oracle Linux version 6 (setroubleshoot)ELSA-2016-12672016-06-21
Oracle Linux version 6 (setroubleshoot-plugins)ELSA-2016-12672016-06-21
Oracle Linux version 7 (setroubleshoot)ELSA-2016-12932016-06-23
Oracle Linux version 7 (setroubleshoot-plugins)ELSA-2016-12932016-06-23



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete