Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1815

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2015-1815
Last Modified 11 May 2015 10:03:39
Published 30 Mar 2015 10:59:03
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-1815

Summary

The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name.

Vulnerable Systems

Operating System

  • Fedoraproject Fedora 22

Application

  • Selinux Setroubleshoot 3.2.21


References

MISC - https://github.com/stealth/troubleshooter

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1206050

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1203352

MLIST - [oss-security] 20150326 Fwd: setroubleshoot root exploit (CVE-Request)

REDHAT - RHSA-2015:0729

FEDORA - FEDORA-2015-4792

FEDORA - FEDORA-2015-4838

FEDORA - FEDORA-2015-4833

EXPLOIT-DB - 36564

OSVDB - 119966


Last Updated: 27 May 2016 11:08:22