Symlink attack in Red Hat Gluster Storage Server for On-premise

#VU12150 Symlink attack in Red Hat Gluster Storage Server for On-premise

Published: 2020-03-18

Vulnerability identifier: #VU12150

Vulnerability risk: Low

CVSSv3.1: 7.9 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-1088

CWE-ID: CWE-61

Exploitation vector: Local network

Exploit availability: Yes

Vulnerable software:
Red Hat Gluster Storage Server for On-premise
Server applications / File servers (FTP/HTTP)

Vendor: Red Hat Inc.

Description
The vulnerability allows an adjacent unauthenticated attacker to gain elevated privileges on the target system.

The weakness exists in the snapshot scheduler due to improper security restrictions during the mounting of gluster volumes. An adjacent attacker can access a gluster node, perform symbolic link attack that is designed to schedule malicious cronjobs and gain root privileges.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Red Hat Gluster Storage Server for On-premise: 3 - 3.13.2

External links
http://access.redhat.com/security/cve/cve-2018-1088

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Red Hat update for ISC DHCP

Red Hat update for glusterfs

Symlink attack in Red Hat Gluster Storage Server

Native Client for Red Hat Enterprise Linux 6 for Red Hat Storage and Red Hat Gluster Storage 3.3 for Red Hat Enterprise Linux 6 update for glusterfs

Native Client for Red Hat Enterprise Linux 7 for Red Hat Storage and Red Hat Gluster Storage 3.3 for Red Hat Enterprise Linux 7 update for glusterfs