Rapid7 Vulnerability & Exploit Database

Huawei EulerOS: CVE-2020-24612: selinux-policy security update

Back to Search

Huawei EulerOS: CVE-2020-24612: selinux-policy security update

Severity
2
CVSS
(AV:L/AC:M/Au:N/C:P/I:N/A:N)
Published
08/24/2020
Created
08/29/2022
Added
08/02/2022
Modified
08/02/2022

Description

An issue was discovered in the selinux-policy (aka Reference Policy) package 3.14 through 2020-08-24 because the .config/Yubico directory is mishandled. Consequently, when SELinux is in enforced mode, pam-u2f is not allowed to read the user's U2F configuration file. If configured with the nouserok option (the default when configured by the authselect tool), and that file cannot be read, the second factor is disabled. An attacker with only the knowledge of the password can then log in, bypassing 2FA.

Solution(s)

  • huawei-euleros-2_0_sp10-upgrade-selinux-policy
  • huawei-euleros-2_0_sp10-upgrade-selinux-policy-minimum
  • huawei-euleros-2_0_sp10-upgrade-selinux-policy-mls
  • huawei-euleros-2_0_sp10-upgrade-selinux-policy-sandbox
  • huawei-euleros-2_0_sp10-upgrade-selinux-policy-targeted

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;