PT-2018-3746 · Red Hat+3 · Gluster+3

Pedro Sampaio

Publicado

2018-04-18

Atualizado

2023-02-13

CVE-2018-1088

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions gluster versions 3.x

Description The issue is related to a privilege escalation flaw in the gluster snapshot scheduler, which can be exploited by scheduling a malicious cronjob via symlink. This flaw allows an attacker to escalate privileges if they are allowed to mount gluster volumes.

Recommendations For gluster version 3.x, consider restricting access to the snapshot scheduler to prevent malicious cronjob scheduling until a patch is available. As a temporary workaround, consider disabling the shared gluster storage volume mounting capability for gluster clients to minimize the risk of exploitation.

Exploit

Correção

Incorrect Privilege Assignment

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-266

Identificadores relacionados

ALT-PU-2018-1730

BDU:2021-04142

CVE-2018-1088

DLA-2806-1

OPENSUSE-SU-2020:0079-1

OPENSUSE-SU-2020_0079-1

OPENSUSE-SU-2024:10794-1

RHSA-2018:1136

RHSA-2018:1137

RHSA-2018:1275

RHSA-2018:1524

USN-4770-1

Produtos afetados

Alt Linux

Suse

Ubuntu

Gluster

PT-2018-3746 · Red Hat+3 · Gluster+3

CVE-2018-1088

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 75