Bug 1593525 - CVE-2018-10841 glusterfs: access trusted peer group via remote-host command [glusterfs upstream]
Summary: CVE-2018-10841 glusterfs: access trusted peer group via remote-host command [...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Deadline: 2018-07-20
Product: GlusterFS
Classification: Community
Component: core
Version: 4.1
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
Assignee: Mohit Agrawal
QA Contact:
URL:
Whiteboard: component:glusterfs
Depends On: 1582129 1593526
Blocks: CVE-2018-10841 1593232
TreeView+ depends on / blocked
 
Reported: 2018-06-21 01:59 UTC by Mohit Agrawal
Modified: 2019-05-11 11:43 UTC (History)
9 users (show)

Fixed In Version: glusterfs-4.1.1
Doc Type: Release Note
Doc Text:
Clone Of: 1582129
Environment:
Last Closed: 2019-05-11 11:43:46 UTC
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Embargoed:


Attachments (Terms of Use)

Comment 1 Mohit Agrawal 2018-06-21 02:02:31 UTC
RCA: In SSL environment the user is able to access volume via remote-host command 
     without adding node in a trusted pool, and a user has access to delete/ stop
     the volume.To resolve the same replace the list of RPC programs at the time
     of connection initialization in glusterd.


Regards
Mohit Agrawal

Comment 2 Mohit Agrawal 2018-06-21 02:08:42 UTC
Patch is posted 
https://review.gluster.org/#/c/20338


Regards
Mohit Agrawal

Comment 3 Worker Ant 2018-06-25 13:40:29 UTC
REVIEW: https://review.gluster.org/20338 (glusterfs: access trusted peer group via remote-host command) posted (#2) for review on release-4.1 by Shyamsundar Ranganathan

Comment 4 Worker Ant 2018-06-25 13:59:07 UTC
COMMIT: https://review.gluster.org/20338 committed in release-4.1 by "Shyamsundar Ranganathan" <srangana> with a commit message- glusterfs: access trusted peer group via remote-host command

Problem: In SSL environment the user is able to access volume
         via remote-host command without adding node in a trusted pool

Solution: Change the list of rpc program in glusterd.c at the
          time of initialization while SSL is enabled

> Change-Id: I987e433b639e68ad17b77b6452df1e22dbe0f199
> cherry picked from commit 234d611160840899bcfd5ab1c17a6253673d38ed

BUG: 1593525
fixes: bz#1593525
Change-Id: Ice4eda3d8104a4d5641de3cffd7249e46080d48f
Signed-off-by: Mohit Agrawal <moagrawa>


Note You need to log in before you can comment on or make changes to this bug.