CVE-2018-1063
MEDIUMRed Hat Enterprise Linux - Improper Link Resolution Before File Access in Context Relabeling
Title source: llmDescription
Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11.
References (2)
Core 2
Core References
Issue Tracking, Mitigation, Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1550122
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:0913
Scores
CVSS v3
4.4
EPSS
0.0039
EPSS Percentile
31.0%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-59
Status
published
Products (2)
redhat/enterprise_linux
7.0
selinux_project/selinux
Published
Mar 02, 2018
Tracked Since
Feb 18, 2026