Vulnerabilities > CVE-2015-3170 - 7PK - Security Features vulnerability in Selinux Project Selinux

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
local
low complexity
selinux-project
CWE-254

Summary

selinux-policy when sysctl fs.protected_hardlinks are set to 0 allows local users to cause a denial of service (SSH login prevention) by creating a hardlink to /etc/passwd from a directory named .config, and updating selinux-policy.

Vulnerable Configurations

Part Description Count
OS
Selinux_Project
1

Common Weakness Enumeration (CWE)