CVE-2018-10904

Published: Sep 4, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume.

Affected (8)

Products: Gluster: Glusterfs · Redhat: Enterprise Linux Server, Virtualization Host · Debian: Debian Linux · +1 more

Show all products

Gluster: Glusterfs · Redhat: Enterprise Linux Server, Virtualization Host · Debian: Debian Linux · Opensuse: Leap

1 product

2 products

Enterprise Linux Server

Virtualization Host

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Gluster Glusterfs	From 3.12.0 to 3.12.14
Gluster Glusterfs	From 4.1.0 to 4.1.8

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Virtualization Host	Version 4.0

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.1

Related CWEs

Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

References (18)

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://access.redhat.com/errata/RHSA-2018:2607

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2608

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3470

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10904

Source: secalert@redhat.com

Issue TrackingMitigationThird Party Advisory

https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://review.gluster.org/#/c/glusterfs/+/21072/

Source: secalert@redhat.com

PatchVendor Advisory

https://security.gentoo.org/glsa/201904-06

Source: secalert@redhat.com

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://access.redhat.com/errata/RHSA-2018:2607

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2608

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3470

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10904

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingMitigationThird Party Advisory

https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://review.gluster.org/#/c/glusterfs/+/21072/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://security.gentoo.org/glsa/201904-06

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.