← voltar
CVE-2018-1063

CVE-2018-1063

EPSS 0.4%CWE-59
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
02 mar 2018Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11.
Produtos afetados
SELinux Project · policycoreutils

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://access.redhat.com/errata/RHSA-2018:0913https://bugzilla.redhat.com/show_bug.cgi?id=1550122