Huawei EulerOS Local Security Checks : Huawei EulerOS: Security Advisory for glusterfs (EulerOS-SA-2018-1185)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.2.2018.1185

Kategorie: Huawei EulerOS Local Security Checks

Titel: Huawei EulerOS: Security Advisory for glusterfs (EulerOS-SA-2018-1185)

Zusammenfassung: The remote host is missing an update for the Huawei EulerOS 'glusterfs' package(s) announced via the EulerOS-SA-2018-1185 advisory.

Beschreibung: Summary:
The remote host is missing an update for the Huawei EulerOS 'glusterfs' package(s) announced via the EulerOS-SA-2018-1185 advisory.

Vulnerability Insight:
A privilege escalation flaw was found in gluster snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.(CVE-2018-1088)

It was found that fix for CVE-2018-1088 introduced a new vulnerability in the way 'auth.allow' is implemented in glusterfs server. An unauthenticated gluster client could mount gluster storage volumes.(CVE-2018-1112)

Affected Software/OS:
'glusterfs' package(s) on Huawei EulerOS V2.0SP3.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2018-1088
https://security.gentoo.org/glsa/201904-06
RedHat Security Advisories: RHSA-2018:1136
https://access.redhat.com/errata/RHSA-2018:1136
RedHat Security Advisories: RHSA-2018:1137
https://access.redhat.com/errata/RHSA-2018:1137
RedHat Security Advisories: RHSA-2018:1275
https://access.redhat.com/errata/RHSA-2018:1275
RedHat Security Advisories: RHSA-2018:1524
https://access.redhat.com/errata/RHSA-2018:1524
SuSE Security Announcement: openSUSE-SU-2020:0079 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html
Common Vulnerability Exposure (CVE) ID: CVE-2018-1112
RedHat Security Advisories: RHSA-2018:1268
https://access.redhat.com/errata/RHSA-2018:1268
RedHat Security Advisories: RHSA-2018:1269
https://access.redhat.com/errata/RHSA-2018:1269

Copyright Copyright (C) 2020 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.2.2018.1185
Kategorie:	Huawei EulerOS Local Security Checks
Titel:	Huawei EulerOS: Security Advisory for glusterfs (EulerOS-SA-2018-1185)
Zusammenfassung:	The remote host is missing an update for the Huawei EulerOS 'glusterfs' package(s) announced via the EulerOS-SA-2018-1185 advisory.
Beschreibung:	Summary: The remote host is missing an update for the Huawei EulerOS 'glusterfs' package(s) announced via the EulerOS-SA-2018-1185 advisory. Vulnerability Insight: A privilege escalation flaw was found in gluster snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.(CVE-2018-1088) It was found that fix for CVE-2018-1088 introduced a new vulnerability in the way 'auth.allow' is implemented in glusterfs server. An unauthenticated gluster client could mount gluster storage volumes.(CVE-2018-1112) Affected Software/OS: 'glusterfs' package(s) on Huawei EulerOS V2.0SP3. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2018-1088 https://security.gentoo.org/glsa/201904-06 RedHat Security Advisories: RHSA-2018:1136 https://access.redhat.com/errata/RHSA-2018:1136 RedHat Security Advisories: RHSA-2018:1137 https://access.redhat.com/errata/RHSA-2018:1137 RedHat Security Advisories: RHSA-2018:1275 https://access.redhat.com/errata/RHSA-2018:1275 RedHat Security Advisories: RHSA-2018:1524 https://access.redhat.com/errata/RHSA-2018:1524 SuSE Security Announcement: openSUSE-SU-2020:0079 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html Common Vulnerability Exposure (CVE) ID: CVE-2018-1112 RedHat Security Advisories: RHSA-2018:1268 https://access.redhat.com/errata/RHSA-2018:1268 RedHat Security Advisories: RHSA-2018:1269 https://access.redhat.com/errata/RHSA-2018:1269
Copyright	Copyright (C) 2020 Greenbone Networks GmbH