The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name.
References
Configurations
History
13 Feb 2023, 00:47
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name. |
02 Feb 2023, 16:16
Type | Values Removed | Values Added |
---|---|---|
Summary | It was found that setroubleshoot did not sanitize file names supplied in a shell command look-up for RPMs associated with access violation reports. An attacker could use this flaw to escalate their privileges on the system by supplying a specially crafted file to the underlying shell command. | |
References |
|
Information
Published : 2015-03-30 14:59
Updated : 2023-12-10 11:31
NVD link : CVE-2015-1815
Mitre link : CVE-2015-1815
CVE.ORG link : CVE-2015-1815
JSON object : View
Products Affected
selinux
- setroubleshoot
fedoraproject
- fedora
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')