[oss-security] 20160621 Re: SELinux troubles

91476

1036144

RHSA-2016:1293

https://bugzilla.redhat.com/show_bug.cgi?id=1332644

https://github.com/fedora-selinux/setroubleshoot/commit/5cd60033ea7f5bdf8c19c27b23ea2d773d9b09f5

RHSA-2016:1267

According to the versions of the setroubleshoot setroubleshoot-plugins packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - The setroubleshoot packages provide tools to help     diagnose SELinux problems. When Access Vector Cache     (AVC) messages are returned, an alert can be generated     that provides information about the problem and helps     to track its resolution.

  - The setroubleshoot-plugins package provides a set of     analysis plugins for use with setroubleshoot. Each     plugin has the capacity to analyze SELinux AVC data and     system data to provide user friendly reports describing     how to interpret SELinux AVC denials.

  - Security Fix(es)i1/4s

  - Shell command injection flaws were found in the way the     setroubleshoot executed external commands. A local     attacker able to trigger certain SELinux denials could     use these flaws to execute arbitrary code with     privileges of the setroubleshoot user.(CVE-2016-4989)

  - Shell command injection flaws were found in the way the     setroubleshoot allow_execmod and allow_execstack     plugins executed external commands. A local attacker     able to trigger an execmod or execstack SELinux denial     could use these flaws to execute arbitrary code with     privileges of the setroubleshoot user.
    (CVE-2016-4444,CVE-2016-4446)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The setroubleshoot-plugins package provides a set of analysis plugins for use with setroubleshoot. Each plugin has the capacity to analyze SELinux AVC data and system data to provide user friendly reports describing how to interpret SELinux AVC denials.

Security Fix(es) :

  - Shell command injection flaws were found in the way the     setroubleshoot executed external commands. A local     attacker able to trigger certain SELinux denials could     use these flaws to execute arbitrary code with     privileges of the setroubleshoot user. (CVE-2016-4989)

  - Shell command injection flaws were found in the way the     setroubleshoot allow_execmod and allow_execstack plugins     executed external commands. A local attacker able to     trigger an execmod or execstack SELinux denial could use     these flaws to execute arbitrary code with privileges of     the setroubleshoot user. (CVE-2016-4444, CVE-2016-4446)

The CVE-2016-4444 and CVE-2016-4446 issues were discovered by Milos Malik (Red Hat) and the CVE-2016-4989 issue was discovered by Red Hat Product Security.

Note: On Scientific Linux 7.0 and 7.1, the setroubleshoot is run with root privileges. Therefore, these issues could allow an attacker to execute arbitrary code with root privileges.

The setroubleshoot-plugins package provides a set of analysis plugins for use with setroubleshoot. Each plugin has the capacity to analyze SELinux AVC data and system data to provide user friendly reports describing how to interpret SELinux AVC denials.

Security Fix(es) :

  - Shell command injection flaws were found in the way the     setroubleshoot executed external commands. A local     attacker able to trigger certain SELinux denials could     use these flaws to execute arbitrary code with root     privileges. (CVE-2016-4445, CVE-2016-4989)

  - Shell command injection flaws were found in the way the     setroubleshoot allow_execmod and allow_execstack plugins     executed external commands. A local attacker able to     trigger an execmod or execstack SELinux denial could use     these flaws to execute arbitrary code with root     privileges. (CVE-2016-4444, CVE-2016-4446)

The CVE-2016-4444 and CVE-2016-4446 issues were discovered by Milos Malik (Red Hat) and the CVE-2016-4445 and CVE-2016-4989 issues were discovered by Red Hat Product Security.

An update for setroubleshoot and setroubleshoot-plugins is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The setroubleshoot packages provide tools to help diagnose SELinux problems. When Access Vector Cache (AVC) messages are returned, an alert can be generated that provides information about the problem and helps to track its resolution.

The setroubleshoot-plugins package provides a set of analysis plugins for use with setroubleshoot. Each plugin has the capacity to analyze SELinux AVC data and system data to provide user friendly reports describing how to interpret SELinux AVC denials.

Security Fix(es) :

* Shell command injection flaws were found in the way the setroubleshoot executed external commands. A local attacker able to trigger certain SELinux denials could use these flaws to execute arbitrary code with privileges of the setroubleshoot user.
(CVE-2016-4989)

* Shell command injection flaws were found in the way the setroubleshoot allow_execmod and allow_execstack plugins executed external commands. A local attacker able to trigger an execmod or execstack SELinux denial could use these flaws to execute arbitrary code with privileges of the setroubleshoot user. (CVE-2016-4444, CVE-2016-4446)

The CVE-2016-4444 and CVE-2016-4446 issues were discovered by Milos Malik (Red Hat) and the CVE-2016-4989 issue was discovered by Red Hat Product Security.

Note: On Red Hat Enterprise Linux 7.0 and 7.1, the setroubleshoot is run with root privileges. Therefore, these issues could allow an attacker to execute arbitrary code with root privileges.

From Red Hat Security Advisory 2016:1293 :

An update for setroubleshoot and setroubleshoot-plugins is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The setroubleshoot packages provide tools to help diagnose SELinux problems. When Access Vector Cache (AVC) messages are returned, an alert can be generated that provides information about the problem and helps to track its resolution.

The setroubleshoot-plugins package provides a set of analysis plugins for use with setroubleshoot. Each plugin has the capacity to analyze SELinux AVC data and system data to provide user friendly reports describing how to interpret SELinux AVC denials.

Security Fix(es) :

* Shell command injection flaws were found in the way the setroubleshoot executed external commands. A local attacker able to trigger certain SELinux denials could use these flaws to execute arbitrary code with privileges of the setroubleshoot user.
(CVE-2016-4989)

* Shell command injection flaws were found in the way the setroubleshoot allow_execmod and allow_execstack plugins executed external commands. A local attacker able to trigger an execmod or execstack SELinux denial could use these flaws to execute arbitrary code with privileges of the setroubleshoot user. (CVE-2016-4444, CVE-2016-4446)

The CVE-2016-4444 and CVE-2016-4446 issues were discovered by Milos Malik (Red Hat) and the CVE-2016-4989 issue was discovered by Red Hat Product Security.

Note: On Red Hat Enterprise Linux 7.0 and 7.1, the setroubleshoot is run with root privileges. Therefore, these issues could allow an attacker to execute arbitrary code with root privileges.

An update for setroubleshoot and setroubleshoot-plugins is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The setroubleshoot packages provide tools to help diagnose SELinux problems. When Access Vector Cache (AVC) messages are returned, an alert can be generated that provides information about the problem and helps to track its resolution.

The setroubleshoot-plugins package provides a set of analysis plugins for use with setroubleshoot. Each plugin has the capacity to analyze SELinux AVC data and system data to provide user friendly reports describing how to interpret SELinux AVC denials.

Security Fix(es) :

* Shell command injection flaws were found in the way the setroubleshoot executed external commands. A local attacker able to trigger certain SELinux denials could use these flaws to execute arbitrary code with root privileges. (CVE-2016-4445, CVE-2016-4989)

* Shell command injection flaws were found in the way the setroubleshoot allow_execmod and allow_execstack plugins executed external commands. A local attacker able to trigger an execmod or execstack SELinux denial could use these flaws to execute arbitrary code with root privileges. (CVE-2016-4444, CVE-2016-4446)

The CVE-2016-4444 and CVE-2016-4446 issues were discovered by Milos Malik (Red Hat) and the CVE-2016-4445 and CVE-2016-4989 issues were discovered by Red Hat Product Security.

From Red Hat Security Advisory 2016:1267 :

An update for setroubleshoot and setroubleshoot-plugins is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The setroubleshoot packages provide tools to help diagnose SELinux problems. When Access Vector Cache (AVC) messages are returned, an alert can be generated that provides information about the problem and helps to track its resolution.

The setroubleshoot-plugins package provides a set of analysis plugins for use with setroubleshoot. Each plugin has the capacity to analyze SELinux AVC data and system data to provide user friendly reports describing how to interpret SELinux AVC denials.

Security Fix(es) :

* Shell command injection flaws were found in the way the setroubleshoot executed external commands. A local attacker able to trigger certain SELinux denials could use these flaws to execute arbitrary code with root privileges. (CVE-2016-4445, CVE-2016-4989)

* Shell command injection flaws were found in the way the setroubleshoot allow_execmod and allow_execstack plugins executed external commands. A local attacker able to trigger an execmod or execstack SELinux denial could use these flaws to execute arbitrary code with root privileges. (CVE-2016-4444, CVE-2016-4446)

The CVE-2016-4444 and CVE-2016-4446 issues were discovered by Milos Malik (Red Hat) and the CVE-2016-4445 and CVE-2016-4989 issues were discovered by Red Hat Product Security.

ID	Name	Product	Family	Severity
99796	EulerOS 2.0 SP1 : setroubleshoot setroubleshoot-plugins (EulerOS-SA-2016-1033)	Nessus	Huawei Local Security Checks	medium
91809	Scientific Linux Security Update : setroubleshoot and setroubleshoot-plugins on SL7.x x86_64 (20160623)	Nessus	Scientific Linux Local Security Checks	medium
91806	Scientific Linux Security Update : setroubleshoot and setroubleshoot-plugins on SL6.x i386/x86_64 (20160621)	Nessus	Scientific Linux Local Security Checks	medium
91803	RHEL 7 : setroubleshoot and setroubleshoot-plugins (RHSA-2016:1293)	Nessus	Red Hat Local Security Checks	medium
91798	Oracle Linux 7 : setroubleshoot / setroubleshoot-plugins (ELSA-2016-1293)	Nessus	Oracle Linux Local Security Checks	medium
91787	CentOS 7 : setroubleshoot / setroubleshoot-plugins (CESA-2016:1293)	Nessus	CentOS Local Security Checks	medium
91757	RHEL 6 : setroubleshoot and setroubleshoot-plugins (RHSA-2016:1267)	Nessus	Red Hat Local Security Checks	medium
91737	Oracle Linux 6 : setroubleshoot / setroubleshoot-plugins (ELSA-2016-1267)	Nessus	Oracle Linux Local Security Checks	medium
91732	CentOS 6 : setroubleshoot / setroubleshoot-plugins (CESA-2016:1267)	Nessus	CentOS Local Security Checks	medium

CVE-2016-4444

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins