Setroubleshoot Project: >> Setroubleshoot >> 3.2.21 Security Vulnerabilities
The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function.
CVSS Score
7.0
EPSS Score
0.001
Published
2017-04-11
The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutput function.
CVSS Score
7.0
EPSS Score
0.001
Published
2017-04-11