Executive Summary

Informations
Name CVE-2015-1815 First vendor Publication 2015-03-30
Vendor Cve Last vendor Modification 2023-02-13

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1815

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-77 Improper Sanitization of Special Elements used in a Command ('Command Injection')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 1

Nessus® Vulnerability Scanner

Date Description
2015-04-09 Name : The remote Fedora host is missing a security update.
File : fedora_2015-4833.nasl - Type : ACT_GATHER_INFO
2015-04-09 Name : The remote Fedora host is missing a security update.
File : fedora_2015-4838.nasl - Type : ACT_GATHER_INFO
2015-04-03 Name : The remote Fedora host is missing a security update.
File : fedora_2015-4792.nasl - Type : ACT_GATHER_INFO
2015-03-27 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-0729.nasl - Type : ACT_GATHER_INFO
2015-03-27 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-0729.nasl - Type : ACT_GATHER_INFO
2015-03-27 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0729.nasl - Type : ACT_GATHER_INFO
2015-03-27 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20150326_setroubleshoot_on_SL5_x.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/73374
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1203352
https://bugzilla.redhat.com/show_bug.cgi?id=1206050
EXPLOIT-DB https://www.exploit-db.com/exploits/36564/
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154427.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154444.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/154147.html
MISC https://github.com/stealth/troubleshooter
MLIST http://www.openwall.com/lists/oss-security/2015/03/26/1
OSVDB http://www.osvdb.org/119966
REDHAT http://rhn.redhat.com/errata/RHSA-2015-0729.html

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
Date Informations
2023-02-13 05:28:11
  • Multiple Updates
2023-02-02 21:28:30
  • Multiple Updates
2021-05-04 12:38:43
  • Multiple Updates
2021-04-22 01:47:27
  • Multiple Updates
2020-05-23 01:55:09
  • Multiple Updates
2020-05-23 00:44:34
  • Multiple Updates
2016-12-31 09:24:27
  • Multiple Updates
2016-06-29 00:53:19
  • Multiple Updates
2015-12-05 13:27:00
  • Multiple Updates
2015-05-12 09:28:53
  • Multiple Updates
2015-04-14 09:28:34
  • Multiple Updates
2015-04-10 13:28:13
  • Multiple Updates
2015-04-09 21:27:57
  • Multiple Updates
2015-04-07 09:28:01
  • Multiple Updates
2015-04-04 13:27:27
  • Multiple Updates
2015-03-31 21:27:54
  • Multiple Updates
2015-03-30 21:27:54
  • First insertion