[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2018-10841 glusterfs: access trusted peer group via remote-host command
From: Siddharth Sharma <siddharth () redhat ! com>
Date: 2018-06-20 19:58:10
Message-ID: 1864620726.13471147.1529524690040.JavaMail.zimbra () redhat ! com
[Download RAW message or body]
A flaw was found in glusterfs which can lead to privilege escalation on
gluster server nodes.
It was found that any gluster client authenticated via TLS could use
gluster cli with --remote-host command to add itself to gluster trusted
pool and perform all gluster operations like peer probe itself or other
machines, start, stop, delete volumes etc.
https://bugzilla.redhat.com/show_bug.cgi?id=1582043
Respectfully,
Siddharth Sharma / Red Hat Product Security / Key ID : 0xD9F6489A
Fingerprint : 6F04 C684 A49C E4CE 8148 E841 CD6F 8E55 D9F6 489A
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic