Description
It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume.
CVSS breakdown
CVSS 3.0
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Red Hat / glusterfsn/a – n/a
References
- VENDOR_ADVISORYhttps://access.redhat.com/errata/RHSA-2018:2607
- MISChttps://review.gluster.org/#/c/glusterfs/+/21072/
- MAILING_LISThttps://lists.debian.org/debian-lts-announce/2018/09/msg00021.html
- VENDOR_ADVISORYhttps://access.redhat.com/errata/RHSA-2018:2608
- VENDOR_ADVISORYhttps://access.redhat.com/errata/RHSA-2018:3470
- MISChttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10904
- MISChttps://security.gentoo.org/glsa/201904-06
- MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html
- MAILING_LISThttps://lists.debian.org/debian-lts-announce/2021/11/msg00000.html