vulnerability
Oracle Linux: CVE-2016-7545: ELSA-2016-2702: policycoreutils security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:N/C:C/I:C/A:C) | 2016-09-22 | 2016-11-14 | 2025-01-07 |
Severity
7
CVSS
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published
2016-09-22
Added
2016-11-14
Modified
2025-01-07
Description
SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.
It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox.
It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox.
Solution(s)
oracle-linux-upgrade-policycoreutilsoracle-linux-upgrade-policycoreutils-develoracle-linux-upgrade-policycoreutils-guioracle-linux-upgrade-policycoreutils-newroleoracle-linux-upgrade-policycoreutils-pythonoracle-linux-upgrade-policycoreutils-restorecondoracle-linux-upgrade-policycoreutils-sandbox
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.