List:       oss-security
Subject:    [oss-security] glusterfs: multiple flaws
From:       Siddharth Sharma <siddharth () redhat ! com>
Date:       2018-10-31 13:00:10
Message-ID: 20827340.HMuAYWp0fB () rem0te-expl0it


Hi,

We were informed about several security flaws affecting glusterfs.
All of the following bugs were reported by Michael Hanselmann (hansmi.ch).


CVE-2018-14651
==============
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, 
CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated 
attacker could use one of these flaws to execute arbitrary code, create 
arbitrary files, or cause denial of service on glusterfs server nodes via 
symlinks to relative paths.


CVE-2018-14652
==============
A buffer overflow was found in strncpy of the pl_getxattr() function. An 
authenticated attacker could remotely overflow the buffer by sending a buffer 
of larger length than the size of the key, resulting in remote denial of 
service.


CVE-2018-14653
==============
A buffer overflow on the heap was found in the gf_getspec_req RPC request. A 
remote, authenticated attacker could use this flaw to cause denial of service 
and read arbitrary files on a glusterfs server node.


CVE-2018-14654 
==============
A flaw was found in the way the glusterfs server handles client requests. A 
remote, authenticated attacker could set arbitrary values for the 
GF_XATTROP_ENTRY_IN_KEY and GF_XATTROP_ENTRY_OUT_KEY during an xattrop file 
operation, resulting in the creation and deletion of arbitrary files on a 
glusterfs server node.


CVE-2018-14659
==============
A flaw was found in the glusterfs server which allowed clients to create 
io-stats dumps on a server node. A remote, authenticated attacker could use 
this flaw to create io-stats dumps on a server without any limitation, 
utilizing all available inodes and resulting in remote denial of service.


CVE-2018-14660 
==============
A flaw was found in the glusterfs server which allowed repeated usage of the 
GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw 
to create multiple locks for a single inode by using setxattr repeatedly, 
resulting in memory exhaustion of the glusterfs server node.


CVE-2018-14661
==============
It was found that the usage of the snprintf function in the feature/locks 
translator of the glusterfs server was vulnerable to a format string attack. 
A remote, authenticated attacker could use this flaw to cause remote denial 
of service.


https://www.redhat.com/security/data/cve/CVE-2018-14651.html
https://www.redhat.com/security/data/cve/CVE-2018-14652.html
https://www.redhat.com/security/data/cve/CVE-2018-14653.html
https://www.redhat.com/security/data/cve/CVE-2018-14654.html
https://www.redhat.com/security/data/cve/CVE-2018-14659.html
https://www.redhat.com/security/data/cve/CVE-2018-14660.html
https://www.redhat.com/security/data/cve/CVE-2018-14661.html


Regards,
-- 
Siddharth Sharma / Red Hat Product Security / Key ID : 0xD9F6489A      
Fingerprint  :  6F04 C684 A49C E4CE 8148 E841 CD6F 8E55 D9F6 489A
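
The two C bug classes named in the advisory above (a strncpy bounded by the sender's length, CVE-2018-14652, and client data used as an snprintf format, CVE-2018-14661), shown as an added example with the hardened form of each. This is not glusterfs code and not part of the original message: KEY_MAX, copy_key(), format_lock_key(), the "lock." prefix and the sample inputs are assumptions made up for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define KEY_MAX 64 /* assumed destination size, not a glusterfs constant */

/* Unsafe pattern (bug class only, not the glusterfs source):
 *     char key[KEY_MAX];
 *     strncpy(key, src, src_len);     -- bound supplied by the sender
 * strncpy writes exactly src_len bytes, so src_len > KEY_MAX overflows key.
 *
 * Hardened copy: bounded by the destination, rejects oversized input instead
 * of truncating it, always NUL-terminates. Returns 0 on success, -1 if not. */
int copy_key(char *dst, size_t dst_size, const char *src, size_t src_len)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    const char *nul = memchr(src, '\0', src_len); /* never read past src_len */
    size_t n = nul ? (size_t)(nul - src) : src_len;
    if (n >= dst_size)                            /* no room for key + NUL */
        return -1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Unsafe pattern: snprintf(out, out_size, key);  -- client data as format.
 * Hardened: constant format, client data passed as an argument.
 * The "lock." prefix is made up. Returns 0 on success, -1 on truncation. */
int format_lock_key(char *out, size_t out_size, const char *key)
{
    int r = snprintf(out, out_size, "lock.%s", key);
    return (r < 0 || (size_t)r >= out_size) ? -1 : 0;
}

int main(void)
{
    char key[KEY_MAX], out[KEY_MAX + 8];
    char big[4 * KEY_MAX];                /* constructed oversized input */
    memset(big, 'A', sizeof big);

    printf("short key:    %d\n", copy_key(key, sizeof key, "trusted.lk", 10));
    printf("format chars: %d\n", format_lock_key(out, sizeof out, "%n%s%x"));
    printf("oversized:    %d\n", copy_key(key, sizeof key, big, sizeof big));
    return 0;
}
```

Building with -Wformat-security (enabled by -Wformat=2 in GCC and Clang) flags calls where the format argument is not a string literal, which catches the second pattern at compile time.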
