CVE-2018-10928
First published: Mon Aug 06 2018(Updated: )
A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/glusterfs | <0:3.12.2-18.el6 | 0:3.12.2-18.el6 |
| redhat/glusterfs | <0:3.12.2-18.el7 | 0:3.12.2-18.el7 |
| redhat/redhat-release-server | <0:6Server-6.10.0.24.el6 | 0:6Server-6.10.0.24.el6 |
| redhat/redhat-storage-server | <0:3.4.0.0-1.el6 | 0:3.4.0.0-1.el6 |
| redhat/redhat-release-server | <0:7.5-11.el7 | 0:7.5-11.el7 |
| redhat/redhat-storage-server | <0:3.4.0.0-1.el7 | 0:3.4.0.0-1.el7 |
| redhat/imgbased | <0:1.0.29-1.el7e | 0:1.0.29-1.el7e |
| redhat/redhat-release-virtualization-host | <0:4.2-7.3.el7 | 0:4.2-7.3.el7 |
| redhat/redhat-virtualization-host | <0:4.2-20181026.0.el7_6 | 0:4.2-20181026.0.el7_6 |
| Debian Debian Linux | =8.0 | |
| Debian Debian Linux | =9.0 | |
| Redhat Enterprise Linux | =6.0 | |
| Redhat Enterprise Linux | =7.0 | |
| Redhat Enterprise Linux Server | =6.0 | |
| Redhat Enterprise Linux Server | =7.0 | |
| Gluster GlusterFS | >=3.12<3.12.14 | |
| Gluster GlusterFS | >=4.1<4.1.8 | |
| Redhat Gluster Storage | =3.0 | |
| Redhat Virtualization Host | =4.0 | |
| openSUSE Leap | =15.1 |
Remedy
To limit exposure of gluster server nodes : 1. gluster server should be on LAN and not reachable from public networks. 2. Use gluster auth.allow and auth.reject. 3. Use TLS certificates to authenticate gluster clients. caveat: This does not protect from attacks by authenticated gluster clients.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html
- https://access.redhat.com/errata/RHSA-2018:2607
- https://access.redhat.com/errata/RHSA-2018:2608
- https://access.redhat.com/errata/RHSA-2018:3470
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10928
- https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html
- https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html
- https://security.gentoo.org/glsa/201904-06
- https://www.cve.org/CVERecord?id=CVE-2018-10928 https://nvd.nist.gov/vuln/detail/CVE-2018-10928
- https://bugzilla.redhat.com/show_bug.cgi?id=1612659
- https://access.redhat.com/security/cve/CVE-2018-10928
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the vulnerability ID of this flaw?
The vulnerability ID of this flaw is CVE-2018-10928.
What is the severity rating of CVE-2018-10928?
CVE-2018-10928 has a severity rating of 8.8 (high).
What is affected by CVE-2018-10928?
CVE-2018-10928 affects the glusterfs server.
How can an attacker exploit CVE-2018-10928?
An attacker can exploit CVE-2018-10928 by using a symlink destination to point to file paths outside of the gluster volume.
Are there any remedies available for CVE-2018-10928?
Yes, there are remedies available for CVE-2018-10928. Please refer to the provided references for more information.
- collector/redhat-cve
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/softwarecombine
- agent/remedy
- agent/weakness
- agent/severity
- agent/author
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-10928
- agent/software-canonical-lookup
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- package-manager/redhat
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- version/debian debian linux/9.0
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/6.0
- version/redhat enterprise linux/7.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/6.0
- version/redhat enterprise linux server/7.0
- vendor/gluster
- canonical/gluster glusterfs
- version/gluster glusterfs/3.12
- version/gluster glusterfs/4.1
- canonical/redhat gluster storage
- version/redhat gluster storage/3.0
- canonical/redhat virtualization host
- version/redhat virtualization host/4.0
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.1