Date: Wed, 31 Oct 2018 18:18:10 +0530
From: Siddharth Sharma <siddharth@...hat.com>
To: OSS Security List <oss-security@...ts.openwall.com>
Subject: glusterfs: multiple flaws

We were informed about several security flaws affecting glusterfs.
All of the following bugs were reported by Michael Hanselmann (hansmi.ch).

It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929,
CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated
attacker could use one of these flaws to execute arbitrary code, create
arbitrary files, or cause denial of service on glusterfs server nodes via
symlinks to relative paths.

A buffer overflow was found in strncpy of the pl_getxattr() function. An
authenticated attacker could remotely overflow the buffer by sending a buffer
of larger length than the size of the key resulting in remote denial of

A buffer overflow on the heap was found in gf_getspec_req RPC request. A
remote, authenticated attacker could use this flaw to cause denial of service
and read arbitrary files on glusterfs server node.

A flaw was found in the way glusterfs server handles client requests. A
remote, authenticated attacker could set arbitrary values for the
GF_XATTROP_ENTRY_IN_KEY and GF_XATTROP_ENTRY_OUT_KEY during xattrop file
operation resulting in creation and deletion of arbitrary files on glusterfs

A flaw was found in glusterfs server which allowed clients to create io-stats
dumps on server node. A remote, authenticated attacker could use this flaw to
create io-stats dump on a server without any limitation and utilizing all
available inodes resulting in remote denial of service.

A flaw was found in glusterfs server which allowed repeated usage of
GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw
to create multiple locks for single inode by using setxattr repetitively
resulting in memory exhaustion of glusterfs server node.

It was found that usage of snprintf function in feature/locks translator of
glusterfs server was vulnerable to a format string attack. A remote,
authenticated attacker could use this flaw to cause remote denial of service.

Siddharth Sharma / Red Hat Product Security / Key ID : 0xD9F6489A
Fingerprint : 6F04 C684 A49C E4CE 8148 E841 CD6F 8E55 D9F6 489A
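
An added example, not glusterfs code and not part of the original message: hardened C forms of the two bug classes the advisory names for the locks translator, a strncpy bounded by a client-supplied length and an snprintf that uses client data as its format. The function names, KEY_BUF_SIZE and the "key=" prefix are hypothetical and chosen only for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define KEY_BUF_SIZE 32   /* hypothetical size of the fixed key buffer */

/* Copy a client-supplied key with a client-declared length into a fixed
 * buffer. The flawed pattern is strncpy(dst, src, src_len): the bound is
 * the sender's length, not the destination's size. Here the bound is the
 * destination size and oversized keys are rejected, not truncated.
 * Returns 0 on success, -1 if the key is rejected. */
int copy_client_key(char dst[KEY_BUF_SIZE], const char *src, size_t src_len)
{
    if (src == NULL || src_len == 0 || src_len >= KEY_BUF_SIZE)
        return -1;                      /* would not fit with its terminator */
    if (memchr(src, '\0', src_len) != NULL)
        return -1;                      /* embedded NUL: declared length is wrong */
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';                /* strncpy alone does not guarantee this */
    return 0;
}

/* Format a line that includes the key. The flawed pattern is
 * snprintf(out, out_size, key): conversion specifiers in the key are then
 * interpreted. With a constant format and the key as an argument, they are
 * copied literally.
 * Returns the number of bytes written, or -1 if the output was truncated. */
int format_key_line(char *out, size_t out_size, const char *key)
{
    int n = snprintf(out, out_size, "key=%s", key);
    if (n < 0 || (size_t)n >= out_size)
        return -1;
    return n;
}
```

Compiling with -Wformat -Wformat-security (GCC or Clang) flags calls of the second flawed form at build time.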