CVE-2018-1063 — Link Following in Policycoreutils

CWE-59 — Link Following CWE-282 — Improper Ownership Management6 documents6 sources

Severity

4.4MEDIUMNVD

EPSS

0.1%

top 69.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Selinux Project Policycoreutils Debian Policycoreutils Redhat Enterprise Linux

Timeline

PublishedMar 2

Latest updateMay 14

Description

Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 1.8 | Impact: 2.5

Affected Packages3 packages

▶Debianselinux_project/policycoreutils< 2.7-1+3

▶CVEListV5selinux_project/policycoreutils2.5-11 and newer

▶debiandebian/policycoreutils< policycoreutils 2.7-1 (bookworm)

Also affects: Enterprise Linux 7.0

🔴Vulnerability Details

GHSA

GHSA-p5j6-rvwf-qchg: Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context↗2022-05-14

▶

OSV

CVE-2018-1063: Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context↗2018-03-02

▶

📋Vendor Advisories

Red Hat

policycoreutils: Relabelling of symbolic links in /tmp and /var/tmp change the context of their target instead↗2018-02-28

▶

Debian

CVE-2018-1063: policycoreutils - Context relabeling of filesystems is vulnerable to symbolic link attack, allowin...↗2018

▶

💬Community

Bugzilla

CVE-2018-1063 policycoreutils: Relabelling of symbolic links in /tmp and /var/tmp change the context of their target instead↗2018-02-28

▶