PT-2018-10015 · Selinux+3 · Policycoreutils+3

Richard Maciel Costa · Published 2018-03-02 · Updated 2024-06-15 · CVE-2018-1063

CVSS v3.1: 4.4 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

policycoreutils version 2.5-11

Description

The issue allows a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions through a symbolic link attack on filesystems during the context relabeling process. This typically occurs when transitioning the SELinux state from disabled to enabled, either in permissive or enforcing mode.

Recommendations

For policycoreutils version 2.5-11, consider restricting the use of the context relabeling feature until a patch is available, and ensure that SELinux state transitions are carefully managed to minimize the risk of exploitation.

Fix

Link Following

Weakness Enumeration

Related Identifiers

CESA-2018_0913
CVE-2018-1063
MGASA-2021-0032
OPENSUSE-SU-2024:11179-1
RHSA-2018:0913
RHSA-2018_0913
SUSE-SU-2018:0926-1
SUSE-SU-2018:0927-1
SUSE-SU-2018_0926-1
SUSE-SU-2018_0927-1

Affected Products

Centos
Red Hat
Suse
Policycoreutils