Vulnerability Details : CVE-2018-1063
Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11.
Products affected by CVE-2018-1063
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:selinux_project:selinux:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-1063
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 10 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-1063
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.3
|
LOW | AV:L/AC:M/Au:N/C:P/I:P/A:N |
3.4
|
4.9
|
NIST | |
4.4
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
1.8
|
2.5
|
NIST |
CWE ids for CVE-2018-1063
-
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.Assigned by:
- nvd@nist.gov (Secondary)
- secalert@redhat.com (Primary)
-
The product assigns the wrong ownership, or does not properly verify the ownership, of an object or resource.Assigned by: secalert@redhat.com (Primary)
References for CVE-2018-1063
-
https://access.redhat.com/errata/RHSA-2018:0913
RHSA-2018:0913 - Security Advisory - Red Hat Customer Portal
-
https://bugzilla.redhat.com/show_bug.cgi?id=1550122
1550122 – (CVE-2018-1063) CVE-2018-1063 policycoreutils: Relabelling of symbolic links in /tmp and /var/tmp change the context of their target insteadIssue Tracking;Mitigation;Vendor Advisory
Jump to