Red Hat Update for podman



Published: 2018-07-04 | Updated: 2018-11-25
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2018-10856
CWE-ID CWE-264
Exploitation vector Network
Public exploit N/A
Vulnerable software
Red Hat Enterprise Linux for IBM z Systems
Operating systems & Components / Operating system

Red Hat Enterprise Linux for Power
Operating systems & Components / Operating system

Red Hat Enterprise Linux for x86_64
Operating systems & Components / Operating system

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Privilege escalation

EUVDB-ID: #VU13565

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-10856

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists because the application does not drop capabilities when executing a container as a non-root user. A remote attacker can gain root privileges and conduct further attacks.

Mitigation

Install the update from the vendor's website.
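
One way to confirm after updating that a container process started as a non-root user holds no effective capabilities is to decode the CapEff field of its /proc/<pid>/status. This is an added example, not part of the bulletin or of podman; the function names and both sample inputs are constructed for illustration.

```python
# Added example: flag non-root processes that still hold effective capabilities.
# Bit index -> capability name, as numbered in linux/capability.h.
CAP_NAMES = ("CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID "
             "SETUID SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST "
             "NET_ADMIN NET_RAW IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO "
             "SYS_CHROOT SYS_PTRACE SYS_PACCT SYS_ADMIN SYS_BOOT SYS_NICE "
             "SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD LEASE AUDIT_WRITE "
             "AUDIT_CONTROL SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG WAKE_ALARM "
             "BLOCK_SUSPEND AUDIT_READ PERFMON BPF CHECKPOINT_RESTORE").split()

def parse_status(text):
    """Parse the 'Key:<tab>values' lines of /proc/<pid>/status into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.split()
    return fields

def decode_caps(mask):
    """Return the names of the capability bits set in a 64-bit mask."""
    return ["CAP_" + (CAP_NAMES[i] if i < len(CAP_NAMES) else str(i))
            for i in range(64) if (mask >> i) & 1]

def check_process(status_text):
    """Report effective UID and capabilities; non-root with any cap is suspicious."""
    fields = parse_status(status_text)
    euid = int(fields["Uid"][1])  # Uid: real, effective, saved, filesystem
    caps = decode_caps(int(fields["CapEff"][0], 16))
    return {"euid": euid, "caps": caps, "suspicious": euid != 0 and bool(caps)}

# Constructed sample: UID 1000 that kept a typical default container capability set.
SAMPLE_CAPS_KEPT = ("Name:\tsleep\nUid:\t1000\t1000\t1000\t1000\n"
                    "CapPrm:\t00000000a80425fb\nCapEff:\t00000000a80425fb\n")
# Constructed sample: UID 1000 whose capabilities were dropped.
SAMPLE_CAPS_DROPPED = ("Name:\tsleep\nUid:\t1000\t1000\t1000\t1000\n"
                       "CapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n")

if __name__ == "__main__":
    for label, sample in (("kept", SAMPLE_CAPS_KEPT), ("dropped", SAMPLE_CAPS_DROPPED)):
        result = check_process(sample)
        print(label, result["euid"], result["suspicious"], ",".join(result["caps"]))
```

To check a live process, pass the contents of /proc/<pid>/status for the container's main process to check_process().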

Vulnerable software versions

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux for Power: 7

Red Hat Enterprise Linux for x86_64: 7.0


External links

http://access.redhat.com/errata/RHSA-2018:2037
