CVE-2018-10923

7.6HIGH

Key Information:

Vendor: Red Hat
Status: Glusterfs
Vendor: CVE Published:; 4 September 2018

Summary

It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node.

Affected Version(s)

glusterfs

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10923

x_refsource_CONFIRM

https://access.redhat.com/errata/RHSA-2018:2607

vendor-advisoryx_refsource_REDHAT

https://lists.debian.org/debian-lts-announce/2018/09/msg0...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 4, 2018
Vulnerability Reserved
May 9, 2018

.