CVE-2018-1063
Public on 2018-03-02
Modified on 2018-09-15
Description
Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing).
Severity
Low
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | policycoreutils | 2018-09-12 | ALAS2-2018-1076 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 3.9 | CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N |
| NVD | CVSSv2 | 3.3 | AV:L/AC:M/Au:N/C:P/I:P/A:N |
| NVD | CVSSv3 | 4.4 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |