Packages

  • Status Closed
  • Percent Complete 100%
  • Task Type Security Issue
  • Category Any
  • Assigned To Emulatorman
  • Operating System All
  • Severity Critical
  • Priority Medium
  • Reported Version Any
  • Due in Version Starfix
  • Due Date Undecided
  • Votes
  • Private
Attached to Project: Packages
Opened by g4jc - 12/05/2018
Last edited by Emulatorman - 02/06/2018

FS#731 - [glusterfs] CVE-2018-1088: Privilege escalation via gluster_shared_storage ...

https://security-tracker.debian.org/tracker/CVE-2018-1088

http://openwall.com/lists/oss-security/2018/04/18/1

https://bugs.debian.org/896128

A privilege escalation flaw was found in the gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount the shared gluster storage volume and escalate privileges by scheduling a malicious cronjob via symlink.

Upstream patches: https://review.gluster.org/#/c/19899/1..2

Fixed in: https://github.com/gluster/glusterfs/releases/tag/v4.0.2

Closed by  Emulatorman
02.06.2018 06:35
Reason for closing:  Fixed