It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume.
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.
| Link | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2018:2607 | third party advisory vendor advisory |
| https://review.gluster.org/#/c/glusterfs/+/21072/ | patch vendor advisory |
| https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html | third party advisory mailing list |
| https://access.redhat.com/errata/RHSA-2018:2608 | third party advisory vendor advisory |
| https://access.redhat.com/errata/RHSA-2018:3470 | third party advisory vendor advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10904 | mitigation third party advisory issue tracking |
| https://security.gentoo.org/glsa/201904-06 | third party advisory vendor advisory |
| http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html | vendor advisory mailing list third party advisory |
| https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html | third party advisory mailing list |