CVE-2018-1063
Summary
| CVE | CVE-2018-1063 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-03-02 15:29:00 UTC |
| Updated | 2023-11-07 02:55:00 UTC |
| Description | Context relabeling of filesystems is vulnerable to a symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enabled (permissive or enforcing). The issue was found in policycoreutils 2.5-11. |
Risk And Classification
Problem Types: CWE-59
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Redhat | Enterprise Linux | 7.0 | All | All | All |
| Application | Selinux Project | Selinux | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 1550122 – (CVE-2018-1063) CVE-2018-1063 policycoreutils: Relabelling of symbolic links in /tmp and /var/tmp change the context of their target instead | CONFIRM | bugzilla.redhat.com | Issue Tracking, Mitigation, Vendor Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| CVE-2018-1063 - Red Hat Customer Portal | MISC | access.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.