CVE-2015-1815: Command Injection
First published: Wed Mar 18 2015(Updated: )
It was found that setroubleshoot did not sanitize file names supplied in a shell command look-up for RPMs associated with access violation reports. An attacker could use this flaw to escalate their privileges on the system by supplying a specially crafted file to the underlying shell command. The vulnerable code in util.py: 266 def get_rpm_nvr_by_file_path_temporary(name): 267 if name is None or not os.path.exists(name): 268 return None 269 270 nvr = None 271 try: 272 import commands 273 rc, output = commands.getstatusoutput("rpm -qf '%s'" % name) 274 if rc == 0: 275 nvr = output 276 except: 277 syslog.syslog(syslog.LOG_ERR, "failed to retrieve rpm info for %s" % name) 278 return nvr Acknowledgements: Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for reporting this issue.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Setroubleshoot-server | <=3.2.21 | |
| Red Hat Fedora | =22 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154427.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154444.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154147.html
- http://rhn.redhat.com/errata/RHSA-2015-0729.html
- http://www.openwall.com/lists/oss-security/2015/03/26/1
- http://www.osvdb.org/119966
- http://www.securityfocus.com/bid/73374
- https://bugzilla.redhat.com/show_bug.cgi?id=1203352
- https://bugzilla.redhat.com/show_bug.cgi?id=1206050
- https://github.com/stealth/troubleshooter
- https://www.exploit-db.com/exploits/36564/
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1003803&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1003803&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1203352#c10
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1004551&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1004551&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1206050
- https://rhn.redhat.com/errata/RHSA-2015-0729.html
Frequently Asked Questions
What is the severity of CVE-2015-1815?
CVE-2015-1815 has a medium severity rating due to the potential for privilege escalation.
How do I fix CVE-2015-1815?
To fix CVE-2015-1815, update the affected SELinux Setroubleshoot package to version 3.2.22 or later.
Which software is affected by CVE-2015-1815?
CVE-2015-1815 affects SELinux Setroubleshoot up to version 3.2.21 and Fedora version 22.
Can CVE-2015-1815 be exploited remotely?
CVE-2015-1815 typically requires local access to the system to be exploited.
What is the impact of CVE-2015-1815 on system security?
The impact of CVE-2015-1815 allows an attacker to escalate privileges, potentially leading to unauthorized access to system resources.
- collector/redhat-bugzilla
- alias/CVE-2015-1815
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/selinux
- canonical/red hat setroubleshoot-server
- version/red hat setroubleshoot-server/3.2.21
- vendor/fedoraproject
- canonical/red hat fedora
- version/red hat fedora/22