CVE-2018-10923

Published: Sep 4, 2018Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node.

Affected (8)

Products: Gluster: Glusterfs · Debian: Debian Linux · Redhat: Enterprise Linux Server, Virtualization Host · +1 more

Show all products

Gluster: Glusterfs · Debian: Debian Linux · Redhat: Enterprise Linux Server, Virtualization Host · Opensuse: Leap

1 product

1 product

2 products

Enterprise Linux Server

Virtualization Host

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Gluster Glusterfs	From 3.12.0 to 3.12.14
Gluster Glusterfs	From 4.1.0 to 4.1.8

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Virtualization Host	Version 4.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.1

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (16)

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://access.redhat.com/errata/RHSA-2018:2607

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2608

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3470

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10923

Source: secalert@redhat.com

Issue TrackingMitigation

https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/201904-06

Source: secalert@redhat.com

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://access.redhat.com/errata/RHSA-2018:2607

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2608

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3470

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10923

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingMitigation

https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/201904-06

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.