Date: Wed, 31 Oct 2018 18:18:10 +0530 From: Siddharth Sharma <siddharth@...hat.com> To: OSS Security List <oss-security@...ts.openwall.com> Subject: glusterfs: multiple flaws Hi, We were informed about several security flaws affecting glusterfs. All of the following bugs were reported by Michael Hanselmann (hansmi.ch). CVE-2018-14651 ============== It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths. CVE-2018-14652 ============== A buffer overflow was found in strncpy of the pl_getxattr() function. An authenticated attacker could remotely overflow the buffer by sending a buffer of larger length than the size of the key resulting in remote denial of service. CVE-2018-14653 ============== A buffer overflow on the heap was found in gf_getspec_req RPC request. A remote, authenticated attacker could use this flaw to cause denial of service and read arbitrary files on glusterfs server node. CVE-2018-14654 ============== A flaw was found in the way glusterfs server handles client requests. A remote, authenticated attacker could set arbitrary values for the GF_XATTROP_ENTRY_IN_KEY and GF_XATTROP_ENTRY_OUT_KEY during xattrop file operation resulting in creation and deletion of arbitrary files on glusterfs server node. CVE-2018-14659 ============== A flaw was found in glusterfs server which allowed clients to create io-stats dumps on server node. A remote, authenticated attacker could use this flaw to create io-stats dump on a server without any limitation and utilizing all available inodes resulting in remote denial of service. CVE-2018-14660 ============== A flaw was found in glusterfs server which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs server node. CVE-2018-14661 ============== It was found that usage of snprintf function in feature/locks translator of glusterfs server was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service. https://www.redhat.com/security/data/cve/CVE-2018-14651.html https://www.redhat.com/security/data/cve/CVE-2018-14652.html https://www.redhat.com/security/data/cve/CVE-2018-14653.html https://www.redhat.com/security/data/cve/CVE-2018-14654.html https://www.redhat.com/security/data/cve/CVE-2018-14659.html https://www.redhat.com/security/data/cve/CVE-2018-14660.html https://www.redhat.com/security/data/cve/CVE-2018-14661.html Regards, -- Siddharth Sharma / Red Hat Product Security / Key ID : 0xD9F6489A Fingerprint : 6F04 C684 A49C E4CE 8148 E841 CD6F 8E55 D9F6 489A Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.