Vulnerability identifier: #VU11180
Vulnerability risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-61
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
policycoreutils
Client/Desktop applications / File managers, FTP clients
Vendor: GNU
Description
The vulnerability allows a local attacker to launch a symlink attack on the target system.
The weakness exists due to improper security restrictions on symlinks in the /tmp and /var/tmp directories during the relabeling process. A local attacker can modify the SELinux context of arbitrary files and conduct symlink attacks.
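A defender's check for the condition described above, as an added example that is not taken from this advisory or from policycoreutils: it lists symlinks under a directory whose targets resolve outside that directory, inspecting each entry with lstat so the walk never follows a link. The function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile


def find_escaping_symlinks(root):
    """Return (link, resolved_target, link_owner_uid) for every symlink under
    root whose target resolves outside root. The walk never follows links."""
    root_real = os.path.realpath(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        # Symlinks to directories are listed in dirnames but not descended into.
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat inspects the link itself, not its target
            except OSError:
                continue  # entry vanished or is unreadable; skip it
            if not stat.S_ISLNK(st.st_mode):
                continue
            target = os.path.realpath(path)
            if os.path.commonpath([root_real, target]) != root_real:
                findings.append((path, target, st.st_uid))
    return sorted(findings)


def demo():
    """Constructed sample tree: one link leaves the tree, one stays inside it."""
    with tempfile.TemporaryDirectory() as base:
        base = os.path.realpath(base)
        scratch = os.path.join(base, "scratch")       # stands in for /tmp
        outside = os.path.join(base, "outside.conf")  # stands in for a system file
        os.mkdir(scratch)
        open(outside, "w").close()
        inner = os.path.join(scratch, "data.txt")
        open(inner, "w").close()
        os.symlink(outside, os.path.join(scratch, "escape"))
        os.symlink(inner, os.path.join(scratch, "local"))
        return [(os.path.basename(link), os.path.basename(target))
                for link, target, _ in find_escaping_symlinks(scratch)]


if __name__ == "__main__":
    for link, target, uid in find_escaping_symlinks("/tmp"):
        print(f"{link} -> {target} (owner uid {uid})")
```

Links reported with a non-root owner uid and a target outside the scanned directory are the ones worth reviewing before a relabel touches /tmp or /var/tmp.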
Mitigation
Cybersecurity is currently unaware of any solutions addressing the vulnerability.
Vulnerable software versions
policycoreutils: 2.5.11
External links
https://bugzilla.redhat.com/show_bug.cgi?id=1550122
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.