CVE-2016-4989 — HIGH (7.0) — White Hats Nepal

Q: How severe is CVE-2016-4989?

CVE-2016-4989 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-4989?

Check the references section above for vendor advisories and patch information. Affected products include: Setroubleshoot Project Setroubleshoot, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Hpc Node, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation.

Vulnerability Description

setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by the _set_tpath function in audit_data.py or via a crafted (2) local_id or (3) analysis_id field in a crafted XML document to the run_fix function in SetroubleshootFixit.py, related to the subprocess.check_output and commands.getstatusoutput functions, a different vulnerability than CVE-2016-4445.

CVSS Score

7.0

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Setroubleshoot Project	Setroubleshoot	<= -
Redhat	Enterprise Linux Desktop	7.0
Redhat	Enterprise Linux Hpc Node	7.0
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Workstation	7.0

Related Weaknesses (CWE)

CWE-77

References

http://seclists.org/oss-sec/2016/q2/574Mailing ListThird Party Advisory
http://securitytracker.com/id/1036144PatchThird Party Advisory
https://access.redhat.com/errata/RHSA-2016:1293Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1346461Issue Tracking
https://github.com/fedora-selinux/setroubleshoot/commit/dda55aa50db95a25f0d919c3Patch
https://github.com/fedora-selinux/setroubleshoot/commit/e69378d7e82a503534d29c59Patch
https://rhn.redhat.com/errata/RHSA-2016-1267.htmlThird Party Advisory
http://seclists.org/oss-sec/2016/q2/574Mailing ListThird Party Advisory
http://securitytracker.com/id/1036144PatchThird Party Advisory
https://access.redhat.com/errata/RHSA-2016:1293Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1346461Issue Tracking
https://github.com/fedora-selinux/setroubleshoot/commit/dda55aa50db95a25f0d919c3Patch
https://github.com/fedora-selinux/setroubleshoot/commit/e69378d7e82a503534d29c59Patch
https://rhn.redhat.com/errata/RHSA-2016-1267.htmlThird Party Advisory

FAQ

What is CVE-2016-4989?

CVE-2016-4989 is a vulnerability with a CVSS score of 7.0 (HIGH). setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by ...

How severe is CVE-2016-4989?

CVE-2016-4989 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-4989?

Check the references section above for vendor advisories and patch information. Affected products include: Setroubleshoot Project Setroubleshoot, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Hpc Node, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation.