Vulnerability-Lookup

CVE-2018-1063 (GCVE-0-2018-1063)

Vulnerability from cvelistv5 – Published: 2018-03-02 15:00 – Updated: 2024-08-05 03:51

Summary

Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11.

Severity ?

No CVSS data available.

CWE

CWE-59 - >CWE-282

Assigner

redhat

References

URL

	Vendor	Product	Version
	SELinux Project	policycoreutils	Affected: 2.5-11 and newer

GHSA-P5J6-RVWF-QCHG

Vulnerability from github – Published: 2022-05-14 03:32 – Updated: 2022-05-14 03:32

Details

Severity ?

4.4 (Medium)


                  
                    CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-1063"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-03-02T15:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11.",
  "id": "GHSA-p5j6-rvwf-qchg",
  "modified": "2022-05-14T03:32:25Z",
  "published": "2022-05-14T03:32:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1063"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:0913"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2018-1063"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550122"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2018-1063

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-1063

Aliases

CVE-2018-1063

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-1063",
    "description": "Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11.",
    "id": "GSD-2018-1063",
    "references": [
      "https://www.suse.com/security/cve/CVE-2018-1063.html",
      "https://access.redhat.com/errata/RHSA-2018:0913",
      "https://advisories.mageia.org/CVE-2018-1063.html",
      "https://linux.oracle.com/cve/CVE-2018-1063.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-1063"
      ],
      "details": "Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11.",
      "id": "GSD-2018-1063",
      "modified": "2023-12-13T01:22:36.937098Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2018-1063",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "policycoreutils",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "2.5-11 and newer"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "SELinux Project"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-59",
                "lang": "eng",
                "value": "CWE-59-\u003eCWE-282"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://access.redhat.com/errata/RHSA-2018:0913",
            "refsource": "MISC",
            "url": "https://access.redhat.com/errata/RHSA-2018:0913"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1550122",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550122"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:selinux_project:selinux:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2018-1063"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-59"
                },
                {
                  "lang": "en",
                  "value": "CWE-282"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1550122",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550122"
            },
            {
              "name": "RHSA-2018:0913",
              "refsource": "REDHAT",
              "tags": [],
              "url": "https://access.redhat.com/errata/RHSA-2018:0913"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 2.5
        }
      },
      "lastModifiedDate": "2023-02-12T23:32Z",
      "publishedDate": "2018-03-02T15:29Z"
    }
  }
}

FKIE_CVE-2018-1063

Vulnerability from fkie_nvd - Published: 2018-03-02 15:29 - Updated: 2024-11-21 03:59

Severity ?

4.4 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Summary

References

URL	Tags
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2018:0913
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1550122	Issue Tracking, Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:0913
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1550122	Issue Tracking, Mitigation, Vendor Advisory

Impacted products

	Vendor	Product	Version
	redhat	enterprise_linux	7.0
	selinux_project	selinux	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:selinux_project:selinux:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C42EBCF-BAC2-43F9-945A-E95A1B1B9078",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11."
    },
    {
      "lang": "es",
      "value": "El reetiquetado de contexto de sistemas de archivos es vulnerable a ataques de enlace simb\u00f3lico, lo que permite que una entidad maliciosa local no privilegiada cambie el contexto SELinux de un archivo arbitrario a un contexto con pocas restricciones. Esto solo ocurre cuando termina el proceso de reetiquetado, normalmente cuando se cambia el estado de SELinux de deshabilitado a habilitado (permisivo o impositivo). Este problema se ha abordado en policycoreutils 2.5.-11."
    }
  ],
  "id": "CVE-2018-1063",
  "lastModified": "2024-11-21T03:59:06.050",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-03-02T15:29:00.400",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2018:0913"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550122"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2018:0913"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550122"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

CNVD-2018-04985

Vulnerability from cnvd - Published: 2018-03-13

Title

Red Hat policycoreutils存在未明漏洞

Description

Red Hat policycoreutils是美国红帽（Red Hat）公司的一个用于SELinux系统中的核心策略工具包。 Red Hat policycoreutils中存在安全漏洞。本地攻击者可利用该漏洞将任意文件的SELinux上下文更改成带有限制的上下文。

Severity

低

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://github.com/SELinuxProject/selinux/tree/master/policycoreutils

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=1550122

Impacted products

Name
Red Hat policycoreutils 2.5-11

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-1063"
    }
  },
  "description": "Red Hat policycoreutils\u662f\u7f8e\u56fd\u7ea2\u5e3d\uff08Red Hat\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u7528\u4e8eSELinux\u7cfb\u7edf\u4e2d\u7684\u6838\u5fc3\u7b56\u7565\u5de5\u5177\u5305\u3002\r\n\r\nRed Hat policycoreutils\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u4efb\u610f\u6587\u4ef6\u7684SELinux\u4e0a\u4e0b\u6587\u66f4\u6539\u6210\u5e26\u6709\u9650\u5236\u7684\u4e0a\u4e0b\u6587\u3002",
  "discovererName": "Renaud M\u00e9trich",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://github.com/SELinuxProject/selinux/tree/master/policycoreutils",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-04985",
  "openTime": "2018-03-13",
  "products": {
    "product": "Red Hat policycoreutils 2.5-11"
  },
  "referenceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=1550122",
  "serverity": "\u4f4e",
  "submitTime": "2018-03-08",
  "title": "Red Hat policycoreutils\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-1063 (GCVE-0-2018-1063)

GHSA-P5J6-RVWF-QCHG

GSD-2018-1063

FKIE_CVE-2018-1063

CNVD-2018-04985

Tags

Sightings

Nomenclature