CVE-2018-1063

Impact:
Low
Public Date:
2018-02-28
CWE:
CWE-59->CWE-282
Bugzilla:
1550122: CVE-2018-1063 policycoreutils: Relabelling of symbolic links in /tmp and /var/tmp change the context of their target instead
Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing).

Find out more about CVE-2018-1063 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score 3.9
CVSS3 Base Metrics CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction Required
Scope Unchanged
Confidentiality Low
Integrity Impact Low
Availability Impact None

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 7 (policycoreutils) RHSA-2018:0913 2018-04-10

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 8 policycoreutils Not affected
Red Hat Enterprise Linux 6 policycoreutils Will not fix
Red Hat Enterprise Linux 5 policycoreutils Not affected

Acknowledgements

This issue was discovered by Renaud Métrich (Red Hat).

Mitigation

Remove any symbolic links from /tmp and /var/tmp directories before relabeling the file system.

Last Modified