First published: Wed Mar 11 2015
It was discovered that the glusterfs.spec file writes a shell script under a predictable temporary name. A local attacker could potentially use this flaw to escalate their privileges to root by modifying the shell script during the installation of the glusterfs packages.

The vulnerable code is:

```lua
-- rpm in RHEL5 does not have os.tmpname()
-- io.tmpfile() can not be resolved to a filename to pass to bash :-/
-- The name is a fixed prefix plus the current epoch seconds, so anyone on the
-- host can guess it ahead of time and pre-create the file in world-writable /tmp.
tmpname = "/tmp/glusterfs_pretrans_" .. os.date("%s")
-- "w" opens with O_TRUNC but without O_EXCL: an existing file at that path is
-- reused rather than rejected.
tmpfile = io.open(tmpname, "w")
tmpfile:write(script)
tmpfile:close()
-- The script is then executed by path, so a rewrite between close() and this
-- call runs as the installing user (normally root).
ok, how, val = os.execute("/bin/bash " .. tmpname)
```
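The two access patterns side by side, as an added Python example (not code from this page or from the glusterfs project): the spec's predictable-name write with `"w"` beside an `mkstemp`-based alternative, with a pre-planted file constructed inline to show what each strategy leaves behind. The timestamp is fixed rather than taken from the clock so the run is deterministic.

```python
import os
import stat
import tempfile

SCRIPT = "#!/bin/bash\necho pretrans\n"  # constructed stand-in for the scriptlet body


def predictable_write(tmpdir, script=SCRIPT):
    """Mirror the advisory's pattern: fixed prefix + epoch seconds, opened with 'w'.
    'w' is O_CREAT|O_TRUNC without O_EXCL, so a file that already exists at that
    path is silently reused, keeping its owner and permission bits."""
    name = os.path.join(tmpdir, "glusterfs_pretrans_%d" % 1426032000)  # fixed stand-in timestamp
    with open(name, "w") as f:
        f.write(script)
    return name


def safe_write(tmpdir, script=SCRIPT):
    """Hardened variant: mkstemp picks an unpredictable name, creates it with
    O_EXCL and mode 0600, and the content is written through the returned fd
    rather than by reopening the path."""
    fd, name = tempfile.mkstemp(prefix="glusterfs_pretrans_", dir=tmpdir)
    with os.fdopen(fd, "w") as f:
        f.write(script)
    return name


def exclusive_create_detects_plant(path):
    """O_EXCL|O_NOFOLLOW creation fails if anything already sits at the path;
    returns True when a pre-planted file was detected."""
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW, 0o600)
    except FileExistsError:
        return True
    os.close(fd)
    return False


def demo():
    """Constructed scenario: a world-writable file is planted at the predictable
    name before the 'scriptlet' runs. Returns what each strategy produced."""
    with tempfile.TemporaryDirectory() as tmpdir:
        planted = os.path.join(tmpdir, "glusterfs_pretrans_1426032000")
        with open(planted, "w") as f:
            f.write("echo planted-content\n")
        os.chmod(planted, 0o666)
        vuln_path = predictable_write(tmpdir)
        vuln_mode = stat.S_IMODE(os.stat(vuln_path).st_mode)  # still 0o666: planted inode reused
        detected = exclusive_create_detects_plant(planted)
        safe_path = safe_write(tmpdir)
        safe_mode = stat.S_IMODE(os.stat(safe_path).st_mode)  # 0o600 on a fresh, unguessable name
        return vuln_path == planted, vuln_mode, detected, safe_path != planted, safe_mode
```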
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix
---|---|---
Redhat Gluster Storage | =3.2 |
Redhat Enterprise Linux | =6.0 |
Redhat Enterprise Linux | =7.0 |