This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
The remote Oracle Linux host is missing one or more security updates.
From Red Hat Security Advisory 2016:2702 :
An update for policycoreutils is now available for Red Hat Enterprise
Linux 6 and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
The policycoreutils packages contain the core policy utilities
required to manage a SELinux environment.
Security Fix(es) :
* It was found that the sandbox tool provided in policycoreutils was
vulnerable to a TIOCSTI ioctl attack. A specially crafted program
executed via the sandbox command could use this flaw to execute
arbitrary commands in the context of the parent shell, escaping the
See also :
Update the affected policycoreutils packages.
Risk factor :
High / CVSS Base Score : 7.2
CVSS Temporal Score : 5.5
Public Exploit Available : false