← volver
CVE-2018-1063

CVE-2018-1063

EPSS 0.4%CWE-59
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
02 mar 2018Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11.
Productos afectados
SELinux Project · policycoreutils

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://access.redhat.com/errata/RHSA-2018:0913https://bugzilla.redhat.com/show_bug.cgi?id=1550122