GlusterFS Device Creation Vulnerability Exploited by Authenticated Attackers
CVE-2018-10923

7.6HIGH

Key Information:

Vendor: Red Hat
Status: Glusterfs
Vendor: CVE Published:; 4 September 2018

What is CVE-2018-10923?

An issue was identified in GlusterFS where the 'mknod' system call can be misused to create files that point to devices on a GlusterFS server node. This allows an authenticated attacker to potentially create arbitrary device files, leading to unauthorized access and the ability to read sensitive data from devices connected to the server. Such exploitation underscores the importance of applying security updates and vigilant monitoring of access controls within GlusterFS deployments.

Affected Version(s)

glusterfs

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10923

x_refsource_CONFIRM

https://access.redhat.com/errata/RHSA-2018:2607

vendor-advisoryx_refsource_REDHAT

https://lists.debian.org/debian-lts-announce/2018/09/msg0...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 4, 2018
Vulnerability Reserved
May 9, 2018

Red Hat

What is CVE-2018-10923?

Affected Version(s)

References

CVSS V3.1

Timeline