CVE-2018-1063 — MEDIUM (4.4)

Vulnerability Description

Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11.

CVSS Score

4.4

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Redhat	Enterprise Linux	7.0
Selinux Project	Selinux	-

Related Weaknesses (CWE)

CWE-59

References

https://access.redhat.com/errata/RHSA-2018:0913
https://bugzilla.redhat.com/show_bug.cgi?id=1550122Issue TrackingMitigationVendor Advisory
https://access.redhat.com/errata/RHSA-2018:0913
https://bugzilla.redhat.com/show_bug.cgi?id=1550122Issue TrackingMitigationVendor Advisory

FAQ

What is CVE-2018-1063?

CVE-2018-1063 is a vulnerability with a CVSS score of 4.4 (MEDIUM). Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restri...

How severe is CVE-2018-1063?

CVE-2018-1063 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-1063?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Enterprise Linux, Selinux Project Selinux.