Siddharth Sharma

**Name of the Vulnerable Software and Affected Versions** samba versions prior to 4.11.2 samba versions prior to 4.10.10 samba versions prior to 4.9.15 **Description** A flaw was found in the samba client where a malicious server can supply a pathname to the client with separators, allowing the client to access files and folders outside of the SMB network pathnames. This could enable an attacker to create files outside of the current working directory using the privileges of the client user. The issue is due to incorrect restriction of the directory path name with limited access. **Recommendations** For samba versions prior to 4.11.2, update to version 4.11.2 or later. For samba versions prior to 4.10.10, update to version 4.10.10 or later. For samba versions prior to 4.9.15, update to version 4.9.15 or later.

**Name of the Vulnerable Software and Affected Versions** Ceph branches master, mimic, luminous, and jewel are believed to be vulnerable. **Description** The cephx authentication protocol did not correctly verify Ceph clients, making it vulnerable to a replay attack. An attacker with access to the Ceph cluster network who can sniff packets can use this issue to authenticate with the Ceph service and perform actions allowed by the service. **Recommendations** For Ceph branches master, mimic, luminous, and jewel, consider restricting access to the Ceph cluster network to minimize the risk of exploitation until a fix is available. As a temporary workaround, review and enhance the authentication mechanisms to prevent replay attacks. Restrict actions allowed by the Ceph service to minimize potential damage from unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ceph branches master, mimic, luminous, and jewel are believed to be vulnerable. **Description** A flaw was found in the way signature calculation was handled by the cephx authentication protocol. An attacker with access to the Ceph cluster network who can alter the message payload can bypass signature checks done by the cephx protocol. **Recommendations** For Ceph branches master, mimic, luminous, and jewel, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** texlive versions 3.1.20140525 r34255.fc21 and 6.20131226 r32488.fc20 **Description** The issue allows local users to delete arbitrary files via a crafted file in the user's home directory. This is due to a problem in the pre-install script in the affected texlive packages. **Recommendations** For texlive version 3.1.20140525 r34255.fc21, update to a version that fixes the issue with the pre-install script. For texlive version 6.20131226 r32488.fc20, update to a version that fixes the issue with the pre-install script. As a temporary workaround, consider restricting write access to sensitive files in the user's home directory until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Red Hat Storage Console versions 2 Red Hat Storage Console Node versions 2 **Description** The issue allows local users to obtain passwords in cleartext. **Recommendations** For Red Hat Storage Console version 2, update to a version that stores passwords securely. For Red Hat Storage Console Node version 2, update to a version that stores passwords securely.

**Name of the Vulnerable Software and Affected Versions** Red Hat gluster-swift (affected versions not specified) **Description** The issue allows remote authenticated users to bypass the max meta count constraint by sending multiple crafted requests that exceed the limit when combined. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenStack Swift-on-File (aka Swiftonfile) (affected versions not specified) **Description** The issue is related to the improper restriction of the pickle Python module when loading metadata. This allows remote authenticated users to execute arbitrary code via a crafted extended attribute (xattrs). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Red Hat Ceph versions prior to 0.94.9-8 **Description** A flaw in the Ceph Object Gateway allows an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests. **Recommendations** For versions prior to 0.94.9-8, update to version 0.94.9-8 or later to resolve the issue.