Package: glusterfs X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security
Hi, The following vulnerabilities were published for glusterfs. CVE-2018-10904[0]: | It was found that glusterfs server does not properly sanitize file | paths in the "trusted.io-stats-dump" extended attribute which is used | by the "debug/io-stats" translator. Attacker can use this flaw to | create files and execute arbitrary code. To exploit this attacker | would require sufficient access to modify the extended attributes of | files on a gluster volume. CVE-2018-10907[1]: | It was found that glusterfs server is vulnerable to multiple stack | based buffer overflows due to functions in server-rpc-fopc.c | allocating fixed size buffers using 'alloca(3)'. An authenticated | attacker could exploit this by mounting a gluster volume and sending a | string longer that the fixed buffer size to cause crash or potential | code execution. CVE-2018-10911[2]: | A flaw was found in the way dic_unserialize function of glusterfs does | not handle negative key length values. An attacker could use this flaw | to read memory from other locations into the stored dict value. CVE-2018-10913[3]: | An information disclosure vulnerability was discovered in glusterfs | server. An attacker could issue a xattr request via glusterfs FUSE to | determine the existence of any file. CVE-2018-10914[4]: | It was found that an attacker could issue a xattr request via | glusterfs FUSE to cause gluster brick process to crash which will | result in a remote denial of service. If gluster multiplexing is | enabled this will result in a crash of multiple bricks and gluster | volumes. CVE-2018-10923[5]: | It was found that the "mknod" call derived from mknod(2) can create | files pointing to devices on a glusterfs server node. An authenticated | attacker could use this to create an arbitrary device and read data | from any device attached to the glusterfs server node. CVE-2018-10926[6]: | A flaw was found in RPC request using gfs3_mknod_req supported by | glusterfs server. An authenticated attacker could use this flaw to | write files to an arbitrary location via path traversal and execute | arbitrary code on a glusterfs server node. CVE-2018-10927[7]: | A flaw was found in RPC request using gfs3_lookup_req in glusterfs | server. An authenticated attacker could use this flaw to leak | information and execute remote denial of service by crashing gluster | brick process. CVE-2018-10928[8]: | A flaw was found in RPC request using gfs3_symlink_req in glusterfs | server which allows symlink destinations to point to file paths | outside of the gluster volume. An authenticated attacker could use | this flaw to create arbitrary symlinks pointing anywhere on the server | and execute arbitrary code on glusterfs server nodes. CVE-2018-10929[9]: | A flaw was found in RPC request using gfs2_create_req in glusterfs | server. An authenticated attacker could use this flaw to create | arbitrary files and execute arbitrary code on glusterfs server nodes. CVE-2018-10930[10]: | A flaw was found in RPC request using gfs3_rename_req in glusterfs | server. An authenticated attacker could use this flaw to write to a | destination outside the gluster volume. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-10904 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10904 [1] https://security-tracker.debian.org/tracker/CVE-2018-10907 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10907 [2] https://security-tracker.debian.org/tracker/CVE-2018-10911 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10911 [3] https://security-tracker.debian.org/tracker/CVE-2018-10913 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10913 [4] https://security-tracker.debian.org/tracker/CVE-2018-10914 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10914 [5] https://security-tracker.debian.org/tracker/CVE-2018-10923 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10923 [6] https://security-tracker.debian.org/tracker/CVE-2018-10926 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10926 [7] https://security-tracker.debian.org/tracker/CVE-2018-10927 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10927 [8] https://security-tracker.debian.org/tracker/CVE-2018-10928 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10928 [9] https://security-tracker.debian.org/tracker/CVE-2018-10929 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10929 [10] https://security-tracker.debian.org/tracker/CVE-2018-10930 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10930 Please adjust the affected versions in the BTS as needed. Regards, Markus
signature.asc
Description: OpenPGP digital signature