Native Client for Red Hat Enterprise Linux 7 for Red Hat Storage and Red Hat Gluster Storage 3.3 for Red Hat Enterprise Linux 7 update for glusterfs

Published: 2018-04-18

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2018-1088
CWE-ID	CWE-61
Exploitation vector	Local network
Public exploit	Public exploit code for vulnerability #1 is available.
Vulnerable software Subscribe	Red Hat Virtualization Server applications / Virtualization software Red Hat Enterprise Linux Server Operating systems & Components / Operating system glusterfs (Red Hat package) Operating systems & Components / Operating system package or component
Vendor	Red Hat Inc.

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Symlink attack

EUVDB-ID: #VU12150

Risk: Low

CVSSv3.1: 7.9 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-1088

CWE-ID: CWE-61 - UNIX Symbolic Link (Symlink) Following

Exploit availability: Yes

Description

The vulnerability allows an adjacent unauthenticated attacker to gain elevated privileges on the target system.

The weakness exists in the snapshot scheduler due to improper security restrictions during the mounting of gluster volumes. An adjacent attacker can access a gluster node, perform symbolic link attack that is designed to schedule malicious cronjobs and gain root privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Virtualization: 4

Red Hat Enterprise Linux Server: 7

glusterfs (Red Hat package): before 3.8.4-54.6.el7rhgs

CPE2.3

External links

http://access.redhat.com/errata/RHSA-2018:1136

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.