22 matches found
MiracleLinux 4 : glusterfs-3.8.4-54.9.AXS4 (AXSA:2018-3123:02)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-3123:02 advisory. It was found that fix for CVE-2018-1088 introduced a new vulnerability in the way 'auth.allow' is implemented in glusterfs server. An unauthenticated gluster...
EUVD-2018-11757
Malware in sbrugna...
SUSE CVE-2018-1088
A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink...
[SECURITY] [DLA 2806-1] glusterfs security update
Debian LTS Advisory DLA-2806-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany November 01, 2021 https://wiki.debian.org/LTS Package : glusterfs Version : 3.8.8-1+deb9u1 CVE ID : CVE-2018-1088 CVE-2018-10841 CVE-2018-10904 CVE-2018-10907 CVE-2018-10911...
openSUSE: Security Advisory for glusterfs (openSUSE-SU-2020:0079_1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for glusterfs (EulerOS-SA-2018-1185)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : glusterfs (openSUSE-2020-79)
This update for glusterfs fixes the following issues : glusterfs was update to release 3.12.15 : - Fixed a number of bugs and security issues : - CVE-2018-1088, CVE-2018-1112 boo1090084, CVE-2018-10904 boo1107018, CVE-2018-10907 boo1107019, CVE-2018-10911 boo1107020, CVE-2018-10913 boo1107021,...
GLSA-201904-06 : GlusterFS: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201904-06 GlusterFS: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in GlusterFS. Please review the referenced CVE identifiers for details. Impact : Please review the referenced CVE identifiers for details...
Fedora 28 : glusterfs (2018-e048a4ef13)
Security fix for CVE-2018-1088 Privilege escalation via glustersharedstorage when snapshot scheduling is enabled Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format...
Fedora 26 : glusterfs (2018-f9e0f1caf7)
Security fix for CVE-2018-1088 Privilege escalation via glustersharedstorage when snapshot scheduling is enabled Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format...
RHEL 7 : Virtualization (RHSA-2018:1275)
An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base...
Important: Red Hat Security Advisory: redhat-virtualization-host security update
An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base...
Fedora 27 : glusterfs (2018-6dc9145693)
Security fix for CVE-2018-1088 Privilege escalation via glustersharedstorage when snapshot scheduling is enabled Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format...
Design/Logic Flaw
glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated gluster client to connect from any network to mount gluster storage volumes. NOTE: this vulnerability exists because of a CVE-2018-1088 regression...
UBUNTU-CVE-2018-1112
glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated gluster client to connect from any network to mount gluster storage volumes. NOTE: this vulnerability exists because of a CVE-2018-1088 regression...
CVE-2018-1112
glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated gluster client to connect from any network to mount gluster storage volumes. NOTE: this vulnerability exists because of a CVE-2018-1088 regression...
CVE-2018-1112
It was found that fix for CVE-2018-1088 introduced a new vulnerability in the way 'auth.allow' is implemented in glusterfs server. An unauthenticated gluster client could mount gluster storage volumes. Mitigation 1. Use TLS Authentication to authenticate gluster clients to limit access to gluster...
RHEL 7 : glusterfs (RHSA-2018:1136) (deprecated)
An update for glusterfs is now available for Native Client for Red Hat Enterprise Linux 7 for Red Hat Storage and Red Hat Gluster Storage 3.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...
RHEL 6 : glusterfs (RHSA-2018:1137)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:1137 advisory. - glusterfs: Privilege escalation via glustersharedstorage when snapshot scheduling is enabled CVE-2018-1088 Note that Nessus has not tested for this...
CVE-2018-1088
CVE-2018-1088 affects GlusterFS 3.x via the snapshot scheduler: an unauthenticated client could exploit the scheduler to mount shared storage and escalate privileges by scheduling a malicious cronjob via a symlink. The issue is tied to a regression/regression-related chain (CVE-2018-1112) in patc...