Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 20 Jun 2018 15:58:10 -0400 (EDT)
From: Siddharth Sharma <siddharth@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2018-10841 glusterfs: access trusted peer group via remote-host
 command

A flaw was found in glusterfs which can lead to privilege escalation on
gluster server nodes.

It was found that any gluster client authenticated via TLS could use
gluster cli with --remote-host command to add itself to gluster trusted
pool and perform all gluster operations like peer probe itself or other
machines, start, stop, delete volumes etc.

https://bugzilla.redhat.com/show_bug.cgi?id=1582043

Respectfully,
Siddharth Sharma / Red Hat Product Security / Key ID : 0xD9F6489A      
Fingerprint  :  6F04 C684 A49C E4CE 8148 E841 CD6F 8E55 D9F6 489A

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ