Description
The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name.
Exploits (1)
exploitdb
WORKING POC
by Sebastian Krahmer · textlocallinux
https://www.exploit-db.com/exploits/36564
References (11)
Core 11
Core References
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154427.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/73374
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/36564/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154444.html
Exploit mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/03/26/1
Exploit x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1206050
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154147.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0729.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/119966
Exploit x_refsource_misc
https://github.com/stealth/troubleshooter
Exploit x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1203352
Scores
EPSS
0.3647
EPSS Percentile
97.1%
Details
CWE
CWE-77
Status
published
Products (2)
fedoraproject/fedora
22
selinux/setroubleshoot
< 3.2.21
Published
Mar 30, 2015
Tracked Since
Feb 18, 2026