[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2018-1088 glusterfs: Privilege escalation via gluster_shared_storage when snaps
From: Siddharth Sharma <siddharth () redhat ! com>
Date: 2018-04-18 12:24:10
Message-ID: 2086549779.1418796.1524054250024.JavaMail.zimbra () redhat ! com
[Download RAW message or body]
Hi,
A flaw was found in glusterfs which can lead to privilege escalation on
gluster server nodes.
This flaw is based on symlink attack. Any glusterfs unauthenticated client
having access to gluster nodes can mount gluster_shared_storage volume which
contains file symlink to /etc/cron.d which is owned by root. After mounting
this shared volume client can schedule malicious cronjob which would run as
root. This would lead to privilege escalation. Symlink is created when gluster
snapshot scheduling is enabled. This requires gluster administrator to run
command "snap_scheduler.py init", this is shipped with glusterfs-server
package.
This flaw was discovered by John Strunk (Red Hat)
Respectfully,
-----------------------------------------------------------------
Siddharth Sharma / Red Hat Product Security / Key ID : 0xD9F6489A
Fingerprint : 6F04 C684 A49C E4CE 8148 E841 CD6F 8E55 D9F6 489A
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic