1. CVE-Search
  2. CVE-2018-1088
ID CVE-2018-1088
Summary A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.
References
Vulnerable Configurations
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:gluster_storage:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:gluster_storage:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:gluster_storage:3.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:gluster_storage:3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:gluster_storage:3.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:gluster_storage:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:gluster_storage:3.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:gluster_storage:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:gluster_storage:3.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:gluster_storage:3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:gluster_storage:3.4:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:gluster_storage:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:gluster_storage:3.5:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:gluster_storage:3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:gluster_storage:3.13:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:gluster_storage:3.13:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:gluster_storage:3.13.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:gluster_storage:3.13.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:gluster_storage:3.13.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:gluster_storage:3.13.2:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 13-02-2023 - 04:53)
Impact:
Exploitability:
CWE CWE-266
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2018:1136
  • rhsa
    id RHSA-2018:1137
  • rhsa
    id RHSA-2018:1275
  • rhsa
    id RHSA-2018:1524
rpms
  • glusterfs-0:3.8.4-54.6.el7
  • glusterfs-0:3.8.4-54.6.el7rhgs
  • glusterfs-api-0:3.8.4-54.6.el7
  • glusterfs-api-0:3.8.4-54.6.el7rhgs
  • glusterfs-api-devel-0:3.8.4-54.6.el7
  • glusterfs-api-devel-0:3.8.4-54.6.el7rhgs
  • glusterfs-cli-0:3.8.4-54.6.el7
  • glusterfs-cli-0:3.8.4-54.6.el7rhgs
  • glusterfs-client-xlators-0:3.8.4-54.6.el7
  • glusterfs-client-xlators-0:3.8.4-54.6.el7rhgs
  • glusterfs-debuginfo-0:3.8.4-54.6.el7
  • glusterfs-debuginfo-0:3.8.4-54.6.el7rhgs
  • glusterfs-devel-0:3.8.4-54.6.el7
  • glusterfs-devel-0:3.8.4-54.6.el7rhgs
  • glusterfs-events-0:3.8.4-54.6.el7rhgs
  • glusterfs-fuse-0:3.8.4-54.6.el7
  • glusterfs-fuse-0:3.8.4-54.6.el7rhgs
  • glusterfs-ganesha-0:3.8.4-54.6.el7rhgs
  • glusterfs-geo-replication-0:3.8.4-54.6.el7rhgs
  • glusterfs-libs-0:3.8.4-54.6.el7
  • glusterfs-libs-0:3.8.4-54.6.el7rhgs
  • glusterfs-rdma-0:3.8.4-54.6.el7
  • glusterfs-rdma-0:3.8.4-54.6.el7rhgs
  • glusterfs-resource-agents-0:3.8.4-54.6.el7rhgs
  • glusterfs-server-0:3.8.4-54.6.el7rhgs
  • python-gluster-0:3.8.4-54.6.el7
  • python-gluster-0:3.8.4-54.6.el7rhgs
  • glusterfs-0:3.8.4-54.7.el6
  • glusterfs-0:3.8.4-54.7.el6rhs
  • glusterfs-api-0:3.8.4-54.7.el6
  • glusterfs-api-0:3.8.4-54.7.el6rhs
  • glusterfs-api-devel-0:3.8.4-54.7.el6
  • glusterfs-api-devel-0:3.8.4-54.7.el6rhs
  • glusterfs-cli-0:3.8.4-54.7.el6
  • glusterfs-cli-0:3.8.4-54.7.el6rhs
  • glusterfs-client-xlators-0:3.8.4-54.7.el6
  • glusterfs-client-xlators-0:3.8.4-54.7.el6rhs
  • glusterfs-debuginfo-0:3.8.4-54.7.el6
  • glusterfs-debuginfo-0:3.8.4-54.7.el6rhs
  • glusterfs-devel-0:3.8.4-54.7.el6
  • glusterfs-devel-0:3.8.4-54.7.el6rhs
  • glusterfs-events-0:3.8.4-54.7.el6rhs
  • glusterfs-fuse-0:3.8.4-54.7.el6
  • glusterfs-fuse-0:3.8.4-54.7.el6rhs
  • glusterfs-ganesha-0:3.8.4-54.7.el6rhs
  • glusterfs-geo-replication-0:3.8.4-54.7.el6rhs
  • glusterfs-libs-0:3.8.4-54.7.el6
  • glusterfs-libs-0:3.8.4-54.7.el6rhs
  • glusterfs-rdma-0:3.8.4-54.7.el6
  • glusterfs-rdma-0:3.8.4-54.7.el6rhs
  • glusterfs-server-0:3.8.4-54.7.el6rhs
  • python-gluster-0:3.8.4-54.7.el6
  • python-gluster-0:3.8.4-54.7.el6rhs
  • redhat-release-virtualization-host-0:4.1-11.0.el7
  • redhat-virtualization-host-image-update-0:4.1-20180426.0.el7_5
  • redhat-virtualization-host-image-update-placeholder-0:4.1-11.0.el7
  • imgbased-0:1.0.16-0.1.el7ev
  • ovirt-node-ng-nodectl-0:4.2.0-0.20170814.0.el7
  • python-imgbased-0:1.0.16-0.1.el7ev
  • redhat-release-virtualization-host-0:4.2-3.0.el7
  • redhat-virtualization-host-image-update-0:4.2-20180508.0.el7_5
  • redhat-virtualization-host-image-update-placeholder-0:4.2-3.0.el7
refmap via4
confirm https://bugzilla.redhat.com/show_bug.cgi?id=1558721
gentoo GLSA-201904-06
suse openSUSE-SU-2020:0079
Last major update 13-02-2023 - 04:53
Published 18-04-2018 - 16:29
Last modified 13-02-2023 - 04:53
Back to Top