Vulnerabilities > CVE-2018-1063
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 1 | |
Application | 1 |
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-0913.NASL description An update for policycoreutils is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The policycoreutils packages contain the core policy utilities required to manage a SELinux environment. Security Fix(es) : * policycoreutils: Relabelling of symbolic links in /tmp and /var/tmp change the context of their target instead (CVE-2018-1063) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. This issue was discovered by Renaud Metrich (Red Hat). Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 108991 published 2018-04-11 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108991 title RHEL 7 : policycoreutils (RHSA-2018:0913) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2018:0913. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(108991); script_version("1.8"); script_cvs_date("Date: 2019/10/24 15:35:44"); script_cve_id("CVE-2018-1063"); script_xref(name:"RHSA", value:"2018:0913"); script_name(english:"RHEL 7 : policycoreutils (RHSA-2018:0913)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for policycoreutils is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The policycoreutils packages contain the core policy utilities required to manage a SELinux environment. Security Fix(es) : * policycoreutils: Relabelling of symbolic links in /tmp and /var/tmp change the context of their target instead (CVE-2018-1063) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. This issue was discovered by Renaud Metrich (Red Hat). Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section." ); # https://access.redhat.com/documentation/en-US/red_hat_enterprise_linux/7/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?dde41582" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:0913" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2018-1063" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:policycoreutils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:policycoreutils-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:policycoreutils-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:policycoreutils-gui"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:policycoreutils-newrole"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:policycoreutils-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:policycoreutils-restorecond"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:policycoreutils-sandbox"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/02"); script_set_attribute(attribute:"patch_publication_date", value:"2018/04/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/11"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2018:0913"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"policycoreutils-2.5-22.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"policycoreutils-2.5-22.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"policycoreutils-debuginfo-2.5-22.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"policycoreutils-devel-2.5-22.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"policycoreutils-gui-2.5-22.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"policycoreutils-gui-2.5-22.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"policycoreutils-newrole-2.5-22.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"policycoreutils-newrole-2.5-22.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"policycoreutils-python-2.5-22.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"policycoreutils-python-2.5-22.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"policycoreutils-restorecond-2.5-22.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"policycoreutils-restorecond-2.5-22.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"policycoreutils-sandbox-2.5-22.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"policycoreutils-sandbox-2.5-22.el7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "policycoreutils / policycoreutils-debuginfo / policycoreutils-devel / etc"); } }
NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-0927-1.NASL description This update for policycoreutils fixes the following issues : - CVE-2018-1063: Prevent chcon from following symlinks in /tmp, /var/tmp, /var/run and /var/lib/debug (bsc#1083624). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109015 published 2018-04-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109015 title SUSE SLES11 Security Update : policycoreutils (SUSE-SU-2018:0927-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2018:0927-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(109015); script_version("1.4"); script_cvs_date("Date: 2019/09/10 13:51:47"); script_cve_id("CVE-2018-1063"); script_name(english:"SUSE SLES11 Security Update : policycoreutils (SUSE-SU-2018:0927-1)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for policycoreutils fixes the following issues : - CVE-2018-1063: Prevent chcon from following symlinks in /tmp, /var/tmp, /var/run and /var/lib/debug (bsc#1083624). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1083624" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-1063/" ); # https://www.suse.com/support/update/announcement/2018/suse-su-20180927-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?371831ef" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server 11-SP4:zypper in -t patch slessp4-policycoreutils-13556=1 SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch dbgsp4-policycoreutils-13556=1" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:policycoreutils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/02"); script_set_attribute(attribute:"patch_publication_date", value:"2018/04/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES11", sp:"4", reference:"policycoreutils-2.0.79-4.9.3.3")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "policycoreutils"); }
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2018-0913.NASL description From Red Hat Security Advisory 2018:0913 : An update for policycoreutils is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The policycoreutils packages contain the core policy utilities required to manage a SELinux environment. Security Fix(es) : * policycoreutils: Relabelling of symbolic links in /tmp and /var/tmp change the context of their target instead (CVE-2018-1063) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. This issue was discovered by Renaud Metrich (Red Hat). Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 109110 published 2018-04-18 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109110 title Oracle Linux 7 : policycoreutils (ELSA-2018-0913) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2018:0913 and # Oracle Linux Security Advisory ELSA-2018-0913 respectively. # include("compat.inc"); if (description) { script_id(109110); script_version("1.3"); script_cvs_date("Date: 2019/09/27 13:00:38"); script_cve_id("CVE-2018-1063"); script_xref(name:"RHSA", value:"2018:0913"); script_name(english:"Oracle Linux 7 : policycoreutils (ELSA-2018-0913)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2018:0913 : An update for policycoreutils is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The policycoreutils packages contain the core policy utilities required to manage a SELinux environment. Security Fix(es) : * policycoreutils: Relabelling of symbolic links in /tmp and /var/tmp change the context of their target instead (CVE-2018-1063) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. This issue was discovered by Renaud Metrich (Red Hat). Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2018-April/007615.html" ); script_set_attribute( attribute:"solution", value:"Update the affected policycoreutils packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:policycoreutils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:policycoreutils-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:policycoreutils-gui"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:policycoreutils-newrole"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:policycoreutils-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:policycoreutils-restorecond"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:policycoreutils-sandbox"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/02"); script_set_attribute(attribute:"patch_publication_date", value:"2018/04/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/18"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"policycoreutils-2.5-22.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"policycoreutils-devel-2.5-22.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"policycoreutils-gui-2.5-22.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"policycoreutils-newrole-2.5-22.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"policycoreutils-python-2.5-22.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"policycoreutils-restorecond-2.5-22.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"policycoreutils-sandbox-2.5-22.el7")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "policycoreutils / policycoreutils-devel / policycoreutils-gui / etc"); }
NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2018-1076.NASL description Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing).(CVE-2018-1063) last seen 2020-06-01 modified 2020-06-02 plugin id 117590 published 2018-09-19 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117590 title Amazon Linux 2 : policycoreutils (ALAS-2018-1076) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux 2 Security Advisory ALAS-2018-1076. # include("compat.inc"); if (description) { script_id(117590); script_version("1.1"); script_cvs_date("Date: 2018/09/19 10:04:09"); script_cve_id("CVE-2018-1063"); script_xref(name:"ALAS", value:"2018-1076"); script_name(english:"Amazon Linux 2 : policycoreutils (ALAS-2018-1076)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux 2 host is missing a security update." ); script_set_attribute( attribute:"description", value: "Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing).(CVE-2018-1063)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALAS-2018-1076.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update policycoreutils' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:policycoreutils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:policycoreutils-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:policycoreutils-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:policycoreutils-gui"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:policycoreutils-newrole"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:policycoreutils-python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:policycoreutils-restorecond"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:policycoreutils-sandbox"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2"); script_set_attribute(attribute:"patch_publication_date", value:"2018/09/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/09/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "2") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"AL2", reference:"policycoreutils-2.5-22.amzn2")) flag++; if (rpm_check(release:"AL2", reference:"policycoreutils-debuginfo-2.5-22.amzn2")) flag++; if (rpm_check(release:"AL2", reference:"policycoreutils-devel-2.5-22.amzn2")) flag++; if (rpm_check(release:"AL2", reference:"policycoreutils-gui-2.5-22.amzn2")) flag++; if (rpm_check(release:"AL2", reference:"policycoreutils-newrole-2.5-22.amzn2")) flag++; if (rpm_check(release:"AL2", reference:"policycoreutils-python-2.5-22.amzn2")) flag++; if (rpm_check(release:"AL2", reference:"policycoreutils-restorecond-2.5-22.amzn2")) flag++; if (rpm_check(release:"AL2", reference:"policycoreutils-sandbox-2.5-22.amzn2")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "policycoreutils / policycoreutils-debuginfo / policycoreutils-devel / etc"); }
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2400.NASL description According to the version of the policycoreutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11.(CVE-2018-1063) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-12-10 plugin id 131892 published 2019-12-10 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131892 title EulerOS 2.0 SP2 : policycoreutils (EulerOS-SA-2019-2400) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0030_POLICYCOREUTILS.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has policycoreutils packages installed that are affected by a vulnerability: - Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). (CVE-2018-1063) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127195 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127195 title NewStart CGSL CORE 5.04 / MAIN 5.04 : policycoreutils Vulnerability (NS-SA-2019-0030) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1423.NASL description According to the version of the policycoreutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11.(CVE-2018-1063) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2020-04-15 plugin id 135552 published 2020-04-15 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135552 title EulerOS 2.0 SP3 : policycoreutils (EulerOS-SA-2020-1423) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-0926-1.NASL description This update for policycoreutils fixes the following issues : - CVE-2018-1063: Fixed problem to prevent chcon from following symlinks in /tmp, /var/tmp, /var/run and /var/lib/debug (bsc#1083624). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 109014 published 2018-04-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109014 title SUSE SLES12 Security Update : policycoreutils (SUSE-SU-2018:0926-1) NASL family Scientific Linux Local Security Checks NASL id SL_20180410_POLICYCOREUTILS_ON_SL7_X.NASL description Security Fix(es) : - policycoreutils: Relabelling of symbolic links in /tmp and /var/tmp change the context of their target instead (CVE-2018-1063) This issue was discovered by Renaud Mtrich (Red Hat). Additional Changes : last seen 2020-03-18 modified 2018-05-01 plugin id 109457 published 2018-05-01 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109457 title Scientific Linux Security Update : policycoreutils on SL7.x x86_64 (20180410) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2018-0913.NASL description An update for policycoreutils is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The policycoreutils packages contain the core policy utilities required to manage a SELinux environment. Security Fix(es) : * policycoreutils: Relabelling of symbolic links in /tmp and /var/tmp change the context of their target instead (CVE-2018-1063) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. This issue was discovered by Renaud Metrich (Red Hat). Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 109377 published 2018-04-27 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109377 title CentOS 7 : policycoreutils (CESA-2018:0913) NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-362.NASL description This update for policycoreutils fixes the following issues : - CVE-2018-1063: Fixed problem to prevent chcon from following symlinks in /tmp, /var/tmp, /var/run and /var/lib/debug (bsc#1083624). This update was imported from the SUSE:SLE-12-SP2:Update update project. last seen 2020-06-05 modified 2018-04-13 plugin id 109023 published 2018-04-13 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109023 title openSUSE Security Update : policycoreutils (openSUSE-2018-362)
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|