CVE-2018-14654 – glusterfs: "features/index" translator can create arbitrary, empty files
https://notcve.org/view.php?id=CVE-2018-14654
The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server. El sistema de archivos Gluster hasta la versión 4.1.4 es vulnerable al abuso del traductor "features/index". Un atacante remoto con acceso a los volúmenes de montaje podría explotar esta vulnerabilidad mediante el xaatrop "GF_XATTROP_ENTRY_IN_KEY" para crear archivos arbitrarios vacíos en el servidor objetivo. A flaw was found in the way glusterfs server handles client requests. • https://access.redhat.com/errata/RHSA-2018:3431 https://access.redhat.com/errata/RHSA-2018:3432 https://access.redhat.com/errata/RHSA-2018:3470 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14654 https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html https://security.gentoo.org/glsa/201904-06 https://access.redhat.com/security/cve/CVE-2018-14654 https://bugzilla.redhat.com/show_bug.cgi?id=1631576 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2018-1127 – tendrl-api: Improper cleanup of session token can allow attackers to hijack user sessions
https://notcve.org/view.php?id=CVE-2018-1127
Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain active for a few minutes allowing attackers to replay tokens acquired via sniffing/MITM attacks and authenticate as the target user. Tendrl API en Red Hat Gluster Storage en versiones anteriores a la 3.4.0 no elimina inmediatamente los tokens de sesión una vez el usuario ha cerrado sesión. Los tokens de sesión siguen activos durante unos pocos minutos, lo que permite que los atacantes reproduzcan los tokens adquiridos mediante ataques de rastreo o Man-in-the-Middle (MitM) y autenticándose como el usuario objetivo. • http://www.securitytracker.com/id/1041597 https://access.redhat.com/errata/RHSA-2018:2616 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1127 https://github.com/Tendrl/api/pull/422 https://access.redhat.com/security/cve/CVE-2018-1127 https://bugzilla.redhat.com/show_bug.cgi?id=1575835 • CWE-384: Session Fixation CWE-613: Insufficient Session Expiration •
CVE-2018-1088 – glusterfs: Privilege escalation via gluster_shared_storage when snapshot scheduling is enabled
https://notcve.org/view.php?id=CVE-2018-1088
A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink. Se ha encontrado un error de escalado de privilegios en el programador de capturas en gluster, en versiones 3.x. Cualquier cliente gluster al que se le permita montar volúmenes de gluster también podría montar un volumen de almacenamiento compartido de gluster y escalar privilegios programando un cronjob malicioso mediante un enlace simbólico. A privilege escalation flaw was found in gluster snapshot scheduler. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html https://access.redhat.com/errata/RHSA-2018:1136 https://access.redhat.com/errata/RHSA-2018:1137 https://access.redhat.com/errata/RHSA-2018:1275 https://access.redhat.com/errata/RHSA-2018:1524 https://bugzilla.redhat.com/show_bug.cgi?id=1558721 https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html https://security.gentoo.org/glsa/201904-06 https://access.redhat.com/security/cve/CVE-2018- • CWE-266: Incorrect Privilege Assignment •
CVE-2017-15085 – samba: Some code path don't enforce smb signing, when they should (incomplete fix of CVE-2017-12150)
https://notcve.org/view.php?id=CVE-2017-15085
It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. Se descubrió que la solución para CVE-2017-12150 no se subió correctamente en la errata RHSA-2017:2858 para Red Hat Gluster Storage 3.3 para RHEL 6. • http://www.securityfocus.com/bid/101554 https://access.redhat.com/errata/RHSA-2017:3110 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15085 https://access.redhat.com/security/cve/CVE-2017-15085 https://bugzilla.redhat.com/show_bug.cgi?id=1505787 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-300: Channel Accessible by Non-Endpoint •
CVE-2017-15086 – samba: SMB2 connections don't keep encryption across DFS redirects (incomplete fix of CVE-2017-12151)
https://notcve.org/view.php?id=CVE-2017-15086
It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. Se descubrió que la solución para CVE-2017-12151 no se subió correctamente en la errata RHSA-2017:2858 para Red Hat Gluster Storage 3.3 para RHEL 6. • http://www.securityfocus.com/bid/101555 https://access.redhat.com/errata/RHSA-2017:3110 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15086 https://access.redhat.com/security/cve/CVE-2017-15086 https://bugzilla.redhat.com/show_bug.cgi?id=1505785 • CWE-300: Channel Accessible by Non-Endpoint •