A flaw was found in the RPC request using gfs3_mknod_req supported by the glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node.
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html
https://access.redhat.com/errata/RHSA-2018:2607
https://access.redhat.com/errata/RHSA-2018:2608
https://access.redhat.com/errata/RHSA-2018:3470
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10926
https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html
Source: MITRE
Published: 2018-09-04
Updated: 2020-10-15
Type: CWE-22
CVSS v2
Base Score: 6.5
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 8
Severity: MEDIUM
CVSS v3
Base Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 2.8
Severity: HIGH
OR
cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
142286 | EulerOS 2.0 SP2 : glusterfs (EulerOS-SA-2020-2347) | Nessus | Huawei Local Security Checks | medium |
141768 | EulerOS Virtualization 3.0.2.2 : glusterfs (EulerOS-SA-2020-2187) | Nessus | Huawei Local Security Checks | medium |
140886 | EulerOS 2.0 SP3 : glusterfs (EulerOS-SA-2020-2119) | Nessus | Huawei Local Security Checks | medium |
137939 | EulerOS Virtualization 3.0.6.0 : glusterfs (EulerOS-SA-2020-1720) | Nessus | Huawei Local Security Checks | medium |
136228 | EulerOS Virtualization for ARM 64 3.0.2.0 : glusterfs (EulerOS-SA-2020-1525) | Nessus | Huawei Local Security Checks | medium |
133904 | EulerOS 2.0 SP5 : glusterfs (EulerOS-SA-2020-1103) | Nessus | Huawei Local Security Checks | medium |
133132 | openSUSE Security Update : glusterfs (openSUSE-2020-79) | Nessus | SuSE Local Security Checks | high |
123580 | GLSA-201904-06 : GlusterFS: Multiple Vulnerabilities | Nessus | Gentoo Local Security Checks | high |
120672 | Fedora 29 : glusterfs (2018-a54270a213) | Nessus | Fedora Local Security Checks | medium |
120410 | Fedora 28 : glusterfs (2018-4e660226e7) | Nessus | Fedora Local Security Checks | medium |
118982 | CentOS 7 : glusterfs (CESA-2018:2607) | Nessus | CentOS Local Security Checks | medium |
118790 | RHEL 7 : Virtualization Manager (RHSA-2018:3470) | Nessus | Red Hat Local Security Checks | high |
117841 | Fedora 27 : glusterfs (2018-9a4d7ec61e) | Nessus | Fedora Local Security Checks | medium |
117618 | Debian DLA-1510-1 : glusterfs security update | Nessus | Debian Local Security Checks | medium |
117318 | RHEL 6 : Gluster Storage (RHSA-2018:2608) (deprecated) | Nessus | Red Hat Local Security Checks | medium |
117317 | RHEL 7 : Gluster Storage (RHSA-2018:2607) | Nessus | Red Hat Local Security Checks | medium |