CVE-2018-10923
glusterfs: I/O to arbitrary devices on storage server
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node.
Se ha detectado que la llamada "mknod" derivada de mknod(2) puede crear archivos que señalan a dispositivos en un nodo del servidor glusterfs. Un atacante autenticado podría emplearlo para crear un dispositivo arbitrario y leer datos desde cualquier dispositivo conectado al nodo del servidor glusterfs.
The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include buffer overflow, denial of service, deserialization, and format string vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-05-09 CVE Reserved
- 2018-09-04 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10923 | Issue Tracking | |
| https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html | 2022-04-22 | |
| https://access.redhat.com/errata/RHSA-2018:2607 | 2022-04-22 | |
| https://access.redhat.com/errata/RHSA-2018:2608 | 2022-04-22 | |
| https://access.redhat.com/errata/RHSA-2018:3470 | 2022-04-22 | |
| https://security.gentoo.org/glsa/201904-06 | 2022-04-22 | |
| https://access.redhat.com/security/cve/CVE-2018-10923 | 2018-11-05 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1610659 | 2018-11-05 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gluster Search vendor "Gluster" | Glusterfs Search vendor "Gluster" for product "Glusterfs" | >= 3.12.0 < 3.12.14 Search vendor "Gluster" for product "Glusterfs" and version " >= 3.12.0 < 3.12.14" | - |
Affected
| ||||||
| Gluster Search vendor "Gluster" | Glusterfs Search vendor "Gluster" for product "Glusterfs" | >= 4.1.0 < 4.1.8 Search vendor "Gluster" for product "Glusterfs" and version " >= 4.1.0 < 4.1.8" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Virtualization Host Search vendor "Redhat" for product "Virtualization Host" | 4.0 Search vendor "Redhat" for product "Virtualization Host" and version "4.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
| ||||||