 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2016-4989 |
| Description: | setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by the _set_tpath function in audit_data.py or via a crafted (2) local_id or (3) analysis_id field in a crafted XML document to the run_fix function in SetroubleshootFixit.py, related to the subprocess.check_output and commands.getstatusoutput functions, a different vulnerability than CVE-2016-4445. |
| Test IDs: | 1.3.6.1.4.1.25623.1.0.871632 1.3.6.1.4.1.25623.1.0.871631 1.3.6.1.4.1.25623.1.0.882512 1.3.6.1.4.1.25623.1.0.882508 1.3.6.1.4.1.25623.1.0.882510 1.3.6.1.4.1.25623.1.0.882509 |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-4989 http://seclists.org/oss-sec/2016/q2/574 RedHat Security Advisories: RHSA-2016:1267 https://rhn.redhat.com/errata/RHSA-2016-1267.html RedHat Security Advisories: RHSA-2016:1293 https://access.redhat.com/errata/RHSA-2016:1293 http://securitytracker.com/id/1036144 |