First published: Wed Feb 28 2018
Context relabeling of filesystems is vulnerable to a symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is run, usually when taking SELinux state from disabled to enabled (permissive or enforcing). The issue was found in policycoreutils 2.5-11.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Red Hat Enterprise Linux | =7.0 | |
SELinux Project SELinux | | |
CVE-2018-1063 is a vulnerability that allows a local unprivileged attacker to change the SELinux context of an arbitrary file to a context with few restrictions.
CVE-2018-1063 has a severity rating of medium, with a score of 4.4.
Red Hat Enterprise Linux 7.0 and SELinux Project SELinux are affected by CVE-2018-1063.
To fix CVE-2018-1063, apply the patches provided by Red Hat or the SELinux Project.
You can find more information about CVE-2018-1063 in the references provided: [RHSA-2018:0913](https://access.redhat.com/errata/RHSA-2018:0913) and [Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=1550122).