Bug 1632557 (CVE-2018-14651) - CVE-2018-14651 glusterfs: glusterfs server exploitable via symlinks to relative paths
Summary: CVE-2018-14651 glusterfs: glusterfs server exploitable via symlinks to relati...
Status: CLOSED ERRATA
Alias: CVE-2018-14651
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=important,public=20181031:0800...
Keywords: Security
Depends On: 1633013 1644730 1644755 1647663 1647667
Blocks: 1631574 1644080
TreeView+ depends on / blocked
 
Reported: 2018-09-25 05:33 UTC by Sam Fowler
Modified: 2019-06-11 11:13 UTC (History)
30 users (show)

(edit) 
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths.
Clone Of:
(edit)
Last Closed: 2019-06-10 10:38:41 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:3431 None None None 2018-10-31 08:43 UTC
Red Hat Product Errata RHSA-2018:3432 None None None 2018-10-31 08:44 UTC

Description Sam Fowler 2018-09-25 05:33:35 UTC 
Gluster versions 3.12.14 and 4.1.4 included incomplete fixes for the vulnerabilities, CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930 and CVE-2018-10926. All five vulnerabilities remain exploitable via symlinks pointing to relative paths. A remote authenticated attacker could exploit one of these vulnerabilities to force a server to resolve target paths and achieve a maximum impact of arbitrary code execution.
Comment 1 Sam Fowler 2018-09-25 05:33:47 UTC 
Acknowledgments:

Name: Michael Hanselmann (hansmi.ch)
Comment 6 Doran Moppert 2018-10-30 05:30:47 UTC 
Statement:

This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.
Comment 7 errata-xmlrpc 2018-10-31 08:42:52 UTC 
This issue has been addressed in the following products:

  Red Hat Gluster Storage 3.4 for RHEL 6
  Native Client for RHEL 6 for Red Hat Storage

Via RHSA-2018:3431 https://access.redhat.com/errata/RHSA-2018:3431
Comment 8 errata-xmlrpc 2018-10-31 08:44:04 UTC 
This issue has been addressed in the following products:

  Red Hat Gluster Storage 3.4 for RHEL 7
  Native Client for RHEL 7 for Red Hat Storage

Via RHSA-2018:3432 https://access.redhat.com/errata/RHSA-2018:3432
Comment 9 Siddharth Sharma 2018-10-31 13:51:34 UTC 
Created glusterfs tracking bugs for this issue:

Affects: fedora-all [bug 1644730]
Comment 10 Salvatore Bonaccorso 2018-10-31 20:32:46 UTC 
Can you share information on the fixing commit(s) for the CVE-2018-14651 issue (and in the other bugs respectively)?
Comment 11 Sam Fowler 2018-10-31 23:14:33 UTC 
Redirecting needinfo to Siddharth.
Comment 12 Siddharth Sharma 2018-11-01 04:35:25 UTC 
upstream fix:

https://review.gluster.org/#/c/glusterfs/+/21527/
Note You need to log in before you can comment on or make changes to this bug.