Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-1063

Опубликовано: 28 фев. 2018
Источник: redhat
CVSS3: 3.9
EPSS Низкий

Описание

Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11.

Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing).

Меры по смягчению последствий

Remove any symbolic links from /tmp and /var/tmp directories before relabeling the file system.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5policycoreutilsNot affected
Red Hat Enterprise Linux 6policycoreutilsWill not fix
Red Hat Enterprise Linux 8policycoreutilsNot affected
Red Hat Enterprise Linux 7policycoreutilsFixedRHSA-2018:091310.04.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-59->CWE-282
https://bugzilla.redhat.com/show_bug.cgi?id=1550122policycoreutils: Relabelling of symbolic links in /tmp and /var/tmp change the context of their target instead

EPSS

Процентиль: 31%
0.00117
Низкий

3.9 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-1063

CVSS3: 4.4
ubuntu
больше 7 лет назад

Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11.

nvd логотип

CVE-2018-1063

CVSS3: 4.4
nvd
больше 7 лет назад

Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11.

debian логотип

CVE-2018-1063

CVSS3: 4.4
debian
больше 7 лет назад

Context relabeling of filesystems is vulnerable to symbolic link attac ...

suse-cvrf логотип

openSUSE-SU-2018:0937-1

suse-cvrf
больше 7 лет назад

Security update for policycoreutils

suse-cvrf логотип

SUSE-SU-2018:0927-1

suse-cvrf
больше 7 лет назад

Security update for policycoreutils

EPSS

Процентиль: 31%
0.00117
Низкий

3.9 Low

CVSS3