vulnerability
Oracle Linux: CVE-2016-7545: ELSA-2016-2702: policycoreutils security update (IMPORTANT)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:N/C:C/I:C/A:C) | Sep 22, 2016 | Nov 14, 2016 | Dec 3, 2025 |
Severity
7
CVSS
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published
Sep 22, 2016
Added
Nov 14, 2016
Modified
Dec 3, 2025
Description
SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.
It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox.
It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox.
Solutions
oracle-linux-upgrade-policycoreutilsoracle-linux-upgrade-policycoreutils-develoracle-linux-upgrade-policycoreutils-guioracle-linux-upgrade-policycoreutils-newroleoracle-linux-upgrade-policycoreutils-pythonoracle-linux-upgrade-policycoreutils-restorecondoracle-linux-upgrade-policycoreutils-sandbox
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.