CVE-2015-1815

setroubleshoot < 3.2.22 - Remote Code Execution via Filename Shell Metacharacters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-1815. PoCs published by Sebastian Krahmer.

AI-analyzed exploit summary This exploit leverages a command injection vulnerability in setroubleshootd (CVE-2015-1815) by crafting a malicious filename that is passed to a shell command via Python's `commands.getstatusoutput()`. The PoC uses NetworkManager's OpenVPN plugin to trigger an SELinux access violation, leading to arbitrary command execution as root.

Description

The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name.

Exploits (1)

exploitdb WORKING POC

by Sebastian Krahmer · textlocallinux

https://www.exploit-db.com/exploits/36564

View Code ZIP pw:eip

This exploit leverages a command injection vulnerability in setroubleshootd (CVE-2015-1815) by crafting a malicious filename that is passed to a shell command via Python's `commands.getstatusoutput()`. The PoC uses NetworkManager's OpenVPN plugin to trigger an SELinux access violation, leading to arbitrary command execution as root.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: setroubleshootd (Fedora 21)

Auth required

Prerequisites: Polkit authorization to modify NetworkManager VPN connections · NetworkManager with OpenVPN plugin installed

MITRE ATT&CK