The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutput function.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-06T00:32:25.375Z

Reserved: 2016-05-02T00:00:00

Link: CVE-2016-4445

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2017-04-11T18:59:00.260

Modified: 2025-04-20T01:37:25.860

Link: CVE-2016-4445

cve-icon Redhat

Severity : Moderate

Publid Date: 2016-06-21T00:00:00Z

Links: CVE-2016-4445 - Bugzilla

cve-icon OpenCVE Enrichment

No data.