CVE-2018-1087 was discovered in a script function. It was reported that when the script function was called, it sometimes resulted in an out of bounds write. This could result in remote code execution. This vulnerability was confirmed on Red Hat Enterprise Linux 7 Update 6, Red Hat Enterprise Linux 7 Update 7, and Red Hat Enterprise Linux 7 Update 8. It was reported by Red Hat that this issue was fixed in Red Hat Enterprise Linux 7 Update 9. Unfortunately, it was discovered that the fix was incomplete. The incomplete fix was included in Red Hat Enterprise Linux 7 Update 9 and later versions. This issue was resolved in Red Hat Enterprise Linux 8.0 with the update to Red Hat Enterprise Linux 8.2. It was reported that when the script function was called, it sometimes resulted in an out of bounds write. This could result in remote code execution.
CVE-2018-1087 was discovered in a script function. It was reported that when the script function was called, it sometimes resulted in an out of bounds write. This could result in remote code execution. This vulnerability was confirmed on Red Hat Enterprise Linux 7 Update 6, Red Hat Enterprise Linux 7 Update 7, and Red Hat Enterprise Linux 7 Update 8. It was reported by Red Hat that this issue was fixed in Red Hat Enterprise Linux 7 Update 9. Unfortunately, it was discovered that the fix was incomplete. The incomplete fix was included in Red Hat Enterprise Linux 7 Update 9 and later versions. This issue was resolved in
Potential Impact of Vulnerability
This vulnerability, CVE-2018-1087, could potentially impact a system running Red Hat Enterprise Linux.
Infrastructure considerations for web application security
In some cases, web application security may be as important as the business infrastructure that it supports.
In fact, 84 percent of respondents of a report say web application security is important to enterprise success.
Even so, there are many considerations when it comes to web application security. Reviewing your development practices and taking a hard look at how you’re handling your infrastructure would help with this.
Base Priority and Triage
The vulnerability is rated as High. The severity is ranked on a scale of 1 to 10, with 10 being the highest.
If you are using this product and it has been updated to Red Hat Enterprise Linux 8.2, the issue no longer exists. Therefore, it should not be triaged as an unconfirmed vulnerability.
Red Hat has not confirmed that the flaw is fixed in later versions of Red Hat Enterprise Linux 7 or Red Hat Enterprise Linux 8. However, based on Red Hat's response to the issue, it can be assumed that the issue no longer exists in those versions of Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8.
Therefore, this issue will not be classified as a confirmed vulnerability.
Timeline
Published on: 09/19/2022 22:15:00 UTC
Last modified on: 09/21/2022 18:30:00 UTC