List:       oss-security
Subject:    [oss-security] CVE-2018-10841 glusterfs: access trusted peer group via remote-host command
From:       Siddharth Sharma <siddharth () redhat ! com>
Date:       2018-06-20 19:58:10
Message-ID: 1864620726.13471147.1529524690040.JavaMail.zimbra () redhat ! com

A flaw was found in glusterfs which can lead to privilege escalation on
gluster server nodes.

It was found that any gluster client authenticated via TLS could use
gluster cli with --remote-host command to add itself to gluster trusted
pool and perform all gluster operations like peer probe itself or other
machines, start, stop, delete volumes etc.

https://bugzilla.redhat.com/show_bug.cgi?id=1582043

Respectfully,
Siddharth Sharma / Red Hat Product Security / Key ID : 0xD9F6489A      
Fingerprint  :  6F04 C684 A49C E4CE 8148 E841 CD6F 8E55 D9F6 489A
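
A defender-side check for the condition described in the message above, as an added example that is not part of the original post or of the glusterfs project: it parses `gluster pool list` output and reports trusted-pool members that are missing from an operator-maintained allow-list. The three-column layout (UUID, Hostname, State), the allow-list, and every UUID and hostname below are assumptions constructed for illustration.

```python
import re

# Constructed sample of `gluster pool list` output (assumed layout: UUID, Hostname, State).
SAMPLE_POOL_LIST = """\
UUID\t\t\t\t\tHostname\tState
0a1b2c3d-0000-4000-8000-000000000002\tgluster2.example.internal\tConnected
0a1b2c3d-0000-4000-8000-000000000003\tgluster3.example.internal\tDisconnected
deadbeef-0000-4000-8000-00000000c11e\tclient7.example.internal\tConnected
0a1b2c3d-0000-4000-8000-000000000001\tlocalhost\tConnected
"""

# Hypothetical allow-list kept by the operator: peer UUID -> hostname it is expected to show.
EXPECTED_PEERS = {
    "0a1b2c3d-0000-4000-8000-000000000001": "localhost",
    "0a1b2c3d-0000-4000-8000-000000000002": "gluster2.example.internal",
    "0a1b2c3d-0000-4000-8000-000000000003": "gluster3.example.internal",
}

UUID_RE = re.compile(r"^[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)


def parse_pool_list(text):
    """Return one dict per peer row; the header and malformed lines are skipped."""
    peers = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3 or not UUID_RE.match(fields[0]):
            continue
        peers.append({"uuid": fields[0].lower(), "hostname": fields[1], "state": fields[2]})
    return peers


def audit_pool(text, expected):
    """Return (peer, reason) for every pool member that does not match the allow-list."""
    findings = []
    for peer in parse_pool_list(text):
        want = expected.get(peer["uuid"])
        if want is None:
            findings.append((peer, "uuid not in allow-list"))
        elif want.lower() != peer["hostname"].lower():
            findings.append((peer, "hostname differs from allow-list"))
    return findings


if __name__ == "__main__":
    for peer, reason in audit_pool(SAMPLE_POOL_LIST, EXPECTED_PEERS):
        print(f"UNEXPECTED PEER {peer['hostname']} ({peer['uuid']}, {peer['state']}): {reason}")
```

Peers are matched on UUID first because the hostname column only reflects the name the peer was probed under.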
