Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMAE930AB66DB9F071FE1A9879E8EAB1D98E0898FD2E5D7F536A08E649D1640734
HistorySep 26, 2018 - 5:50 p.m.

Security Bulletin: A vulnerability in policycoreutils affects PowerKVM

2018-09-2617:50:01
www.ibm.com
10

0.0004 Low

EPSS

Percentile

12.8%

JSON

Summary

PowerKVM is affected by a vulnerability in policycoreutils. IBM has now addressed this vulnerability.

Vulnerability Details

CVEID: CVE-2018-1063 DESCRIPTION: Policycoreutils could allow a local authenticated attacker to launch a symlink attack. Context relabeling of filesystems creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/139845&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

PowerKVM v3.1

Remediation/Fixes

Customers can update PowerKVM systems by using “yum update”.

Fix images are made available via Fix Central. See <https://ibm.biz/BdHggw&gt;. This issue is addressed starting with v3.1.0.2 update 15.

Workarounds and Mitigations

none

CPENameOperatorVersion
powerkvmeq3.1

Related

openvas 6
mageia 1
prion 1
nessus 14
cve 1
oraclelinux 1
redhat 1
centos 1
nvd 1
redhatcve 1
cvelist 1
debiancve 1
amazon 1
ubuntucve 1
openvas
openvas
Huawei EulerOS: Security Advisory for policycoreutils (EulerOS-SA-2019-2400)
2020-01-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:0927-1)
2021-06-09 00:00:00
Mageia: Security Advisory (MGASA-2021-0032)
2022-01-28 00:00:00
mageia
mageia
Updated policycoreutils packages fix a security vulnerability
2021-01-17 19:07:01
prion
prion
Code injection
2018-03-02 15:29:00
nessus
nessus
RHEL 6 : policycoreutils (Unpatched Vulnerability)
2024-05-11 00:00:00
EulerOS 2.0 SP3 : policycoreutils (EulerOS-SA-2020-1423)
2020-04-15 00:00:00
SUSE SLES11 Security Update : policycoreutils (SUSE-SU-2018:0927-1)
2018-04-12 00:00:00
cve
cve
CVE-2018-1063
2018-03-02 15:29:00
oraclelinux
oraclelinux
policycoreutils security, bug fix, and enhancement update
2018-04-16 00:00:00
redhat
redhat
(RHSA-2018:0913) Low: policycoreutils security, bug fix, and enhancement update
2018-04-10 05:03:39
centos
centos
policycoreutils security update
2018-04-26 17:49:24
nvd
nvd
CVE-2018-1063
2018-03-02 15:29:00
redhatcve
redhatcve
CVE-2018-1063
2018-03-01 15:23:06
cvelist
cvelist
CVE-2018-1063
2018-03-02 15:00:00
debiancve
debiancve
CVE-2018-1063
2018-03-02 15:29:00
amazon
amazon
Low: policycoreutils
2018-09-12 22:22:00
ubuntucve
ubuntucve
CVE-2018-1063
2018-03-02 00:00:00

0.0004 Low

EPSS

Percentile

12.8%

JSON
Related for AE930AB66DB9F071FE1A9879E8EAB1D98E0898FD2E5D7F536A08E649D1640734
openvas6mageia1prion1nessus14cve1oraclelinux1redhat1centos1nvd1redhatcve1cvelist1debiancve1amazon1ubuntucve1