CVE-2018-10904
glusterfs: Unsanitized file names in debug/io-stats translator can allow remote attackers to execute arbitrary code
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume.
Se ha detectado que el servidor glusterfs no sanea correctamente las rutas de archivo en el atributo extendido "trusted.io-stats-dump", empleado por el traductor "debug/io-stats". Los atacantes pueden emplear este error para crear archivos y ejecutar código arbitrario. Para explotar esto, un atacante necesitaría un acceso suficiente para modificar los atributos extendidos de los archivos en un volumen gluster.
It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. An attacker can use this flaw to create files and execute arbitrary code. To exploit this, the attacker would require sufficient access to modify the extended attributes of files on a gluster volume.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-05-09 CVE Reserved
- 2018-09-04 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-14 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-426: Untrusted Search Path
CAPEC
References (11)
URL | Tag | Source |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10904 | Issue Tracking | |
https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html | Mailing List | |
https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html | Mailing List |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://review.gluster.org/#/c/glusterfs/+/21072 | 2022-04-22 |
URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html | 2022-04-22 | |
https://access.redhat.com/errata/RHSA-2018:2607 | 2022-04-22 | |
https://access.redhat.com/errata/RHSA-2018:2608 | 2022-04-22 | |
https://access.redhat.com/errata/RHSA-2018:3470 | 2022-04-22 | |
https://security.gentoo.org/glsa/201904-06 | 2022-04-22 | |
https://access.redhat.com/security/cve/CVE-2018-10904 | 2018-11-05 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1601298 | 2018-11-05 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Gluster Search vendor "Gluster" | Glusterfs Search vendor "Gluster" for product "Glusterfs" | >= 3.12.0 < 3.12.14 Search vendor "Gluster" for product "Glusterfs" and version " >= 3.12.0 < 3.12.14" | - |
Affected
| ||||||
Gluster Search vendor "Gluster" | Glusterfs Search vendor "Gluster" for product "Glusterfs" | >= 4.1.0 < 4.1.8 Search vendor "Gluster" for product "Glusterfs" and version " >= 4.1.0 < 4.1.8" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Virtualization Host Search vendor "Redhat" for product "Virtualization Host" | 4.0 Search vendor "Redhat" for product "Virtualization Host" and version "4.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
|