Vulnerability DatabaseCVE-2016-4444
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2016-4444
April 11, 2017
The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function.
Related ResourcesĀ (8)
https://bugzilla.redhat.com/show_bug.cgi?id=1332644
http://www.securityfocus.com/bid/91476
http://seclists.org/oss-sec/2016/q2/575
https://access.redhat.com/errata/RHSA-2016:1293
https://access.redhat.com/security/cve/CVE-2016-4444
http://www.securitytracker.com/id/1036144
https://github.com/fedora-selinux/setroubleshoot/commit/5cd60033ea7f5bdf8c19c27b23ea2d773d9b09f5
https://rhn.redhat.com/errata/RHSA-2016-1267.html
Do you need more information?
Contact Us
CVSS v4
Base Score:
7.3
Attack Vector
LOCAL
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
CVSS v2
Base Score:
6.9
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
Weakness Type (CWE)
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-77
EPSS
Base Score:
0.07