PT-2018-10015 · SELinux · Policycoreutils

Richard Maciel Costa · Published 2018-03-02 · Updated 2024-06-15 · CVE-2018-1063

CVSS v3.1: 4.4 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

policycoreutils version 2.5-11

Description

The issue allows a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions through a symbolic link attack on filesystems during the context relabeling process. This typically occurs when transitioning the SELinux state from disabled to enabled, either in permissive or enforcing mode.

Recommendations

For policycoreutils version 2.5-11, consider restricting the use of the context relabeling feature until a patch is available, and ensure that SELinux state transitions are carefully managed to minimize the risk of exploitation.

Fix

Link Following

Weakness Enumeration

Related Identifiers

CESA-2018_0913
CVE-2018-1063
MGASA-2021-0032
OPENSUSE-SU-2024:11179-1
RHSA-2018:0913
RHSA-2018_0913
SUSE-SU-2018:0926-1
SUSE-SU-2018:0927-1
SUSE-SU-2018_0926-1
SUSE-SU-2018_0927-1

Affected Products

CentOS
Red Hat
SUSE
Policycoreutils