Vulnerabilities > CVE-2018-14660

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
gluster
redhat
debian
nessus

Summary

A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs server node.

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3432.NASL
    descriptionUpdated glusterfs packages that fix multiple security issues and bugs are now available for Red Hat Gluster Storage 3.4 on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system. Security Fix(es) : * glusterfs: glusterfs server exploitable via symlinks to relative paths (CVE-2018-14651) * glusterfs: Buffer overflow in
    last seen2020-06-01
    modified2020-06-02
    plugin id118583
    published2018-11-01
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118583
    titleRHEL 7 : glusterfs (RHSA-2018:3432)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2018:3432. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(118583);
      script_version("1.10");
      script_cvs_date("Date: 2019/10/24 15:35:46");
    
      script_cve_id("CVE-2018-14651", "CVE-2018-14652", "CVE-2018-14653", "CVE-2018-14654", "CVE-2018-14659", "CVE-2018-14660", "CVE-2018-14661");
      script_xref(name:"RHSA", value:"2018:3432");
    
      script_name(english:"RHEL 7 : glusterfs (RHSA-2018:3432)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated glusterfs packages that fix multiple security issues and bugs
    are now available for Red Hat Gluster Storage 3.4 on Red Hat
    Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    GlusterFS is a key building block of Red Hat Gluster Storage. It is
    based on a stackable user-space design and can deliver exceptional
    performance for diverse workloads. GlusterFS aggregates various
    storage servers over network interconnections into one large, parallel
    network file system.
    
    Security Fix(es) :
    
    * glusterfs: glusterfs server exploitable via symlinks to relative
    paths (CVE-2018-14651)
    
    * glusterfs: Buffer overflow in 'features/locks' translator allows for
    denial of service (CVE-2018-14652)
    
    * glusterfs: Heap-based buffer overflow via 'gf_getspec_req' RPC
    message (CVE-2018-14653)
    
    * glusterfs: 'features/index' translator can create arbitrary, empty
    files (CVE-2018-14654)
    
    * glusterfs: Unlimited file creation via 'GF_XATTR_IOSTATS_DUMP_KEY'
    xattr allows for denial of service (CVE-2018-14659)
    
    * glusterfs: Repeat use of 'GF_META_LOCK_KEY' xattr allows for memory
    exhaustion (CVE-2018-14660)
    
    * glusterfs: features/locks translator passes an user-controlled
    string to snprintf without a proper format string resulting in a
    denial of service (CVE-2018-14661)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, and other related information, refer to the CVE page(s)
    listed in the References section.
    
    Red Hat would like to thank Michael Hanselmann (hansmi.ch) for
    reporting these issues.
    
    Bug Fix(es) :
    
    * MD5 instances are replaced with FIPS-compliant SHA256 checksums and
    glusterd no longer crashes when run on a FIPS enabled machine.
    (BZ#1459709)
    
    * The flock is unlocked specifically and the status file is updated so
    that the reference is not leaked to any worker or agent process. As a
    result of this fix, all workers come up without fail. (BZ#1623749)
    
    * All HTIME index files are checked for the specified start and end
    times, and the History API does not fail when multiple HTIME files
    exist. (BZ# 1627639)
    
    * After upgrading to Red Hat Gluster Storage 3.4 from earlier versions
    of Red Hat Gluster Storage, the volume size displayed by the df
    command was smaller than the actual volume size. This has been fixed
    and the df command now shows the correct size for all volumes.
    (BZ#1630997)
    
    * The algorithm to disable the eager-lock is modified and it disables
    only when multiple write operations are trying to modify a file at the
    same time. This led to performance improvement while a write operation
    is performed on a file irrespective of the number of times it is
    opened at the same time for a read operation. (BZ#1630688)
    
    * heal-info does not consider the presence of dirty markers as an
    indication of split-brain and does not display these entries to be in
    a split-brain state. (BZ#1610743)
    
    All users of Red Hat Gluster Storage are advised to upgrade to these
    updated packages, which provide numerous bug fixes and enhancements."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2018:3432"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-14651"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-14652"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-14653"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-14654"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-14659"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-14660"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-14661"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glusterfs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glusterfs-api");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glusterfs-api-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glusterfs-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glusterfs-client-xlators");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glusterfs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glusterfs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glusterfs-events");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glusterfs-fuse");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glusterfs-ganesha");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glusterfs-geo-replication");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glusterfs-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glusterfs-rdma");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glusterfs-resource-agents");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glusterfs-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python2-gluster");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:redhat-storage-server");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/10/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2018:3432";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
    
      if (! (rpm_exists(release:"RHEL7", rpm:"glusterfs-server-"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "GlusterFS Server");
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"glusterfs-3.12.2-25.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"glusterfs-api-3.12.2-25.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"glusterfs-api-devel-3.12.2-25.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"glusterfs-cli-3.12.2-25.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"glusterfs-client-xlators-3.12.2-25.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"glusterfs-debuginfo-3.12.2-25.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"glusterfs-devel-3.12.2-25.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"glusterfs-events-3.12.2-25.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"glusterfs-fuse-3.12.2-25.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"glusterfs-ganesha-3.12.2-25.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"glusterfs-geo-replication-3.12.2-25.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"glusterfs-libs-3.12.2-25.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"glusterfs-rdma-3.12.2-25.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"glusterfs-resource-agents-3.12.2-25.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"glusterfs-server-3.12.2-25.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"python2-gluster-3.12.2-25.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"redhat-storage-server-3.4.1.0-1.el7")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glusterfs / glusterfs-api / glusterfs-api-devel / glusterfs-cli / etc");
      }
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-986F0B7FB0.NASL
    description5.1 GA , security fixes for: CVE-2018-14651 CVE-2018-14652 CVE-2018-14653 CVE-2018-14654 CVE-2018-14659 CVE-2018-14660 CVE-2018-14661 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120641
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120641
    titleFedora 29 : glusterfs (2018-986f0b7fb0)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-986f0b7fb0.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(120641);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-14651", "CVE-2018-14652", "CVE-2018-14653", "CVE-2018-14654", "CVE-2018-14659", "CVE-2018-14660", "CVE-2018-14661");
      script_xref(name:"FEDORA", value:"2018-986f0b7fb0");
    
      script_name(english:"Fedora 29 : glusterfs (2018-986f0b7fb0)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "5.1 GA , security fixes for: CVE-2018-14651 CVE-2018-14652
    CVE-2018-14653 CVE-2018-14654 CVE-2018-14659 CVE-2018-14660
    CVE-2018-14661
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-986f0b7fb0"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected glusterfs package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-14654");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:glusterfs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/11/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC29", reference:"glusterfs-5.1-1.fc29")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glusterfs");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-AF9BD28CF1.NASL
    description4.1.6 GA, security fixes for: CVE-2018-14651 CVE-2018-14652 CVE-2018-14653 CVE-2018-14654 CVE-2018-14659 CVE-2018-14660 CVE-2018-14661 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120711
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120711
    titleFedora 28 : glusterfs (2018-af9bd28cf1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-af9bd28cf1.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(120711);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-14651", "CVE-2018-14652", "CVE-2018-14653", "CVE-2018-14654", "CVE-2018-14659", "CVE-2018-14660", "CVE-2018-14661");
      script_xref(name:"FEDORA", value:"2018-af9bd28cf1");
    
      script_name(english:"Fedora 28 : glusterfs (2018-af9bd28cf1)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "4.1.6 GA, security fixes for: CVE-2018-14651 CVE-2018-14652
    CVE-2018-14653 CVE-2018-14654 CVE-2018-14659 CVE-2018-14660
    CVE-2018-14661
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-af9bd28cf1"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected glusterfs package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-14654");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:glusterfs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/11/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC28", reference:"glusterfs-4.1.6-1.fc28")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glusterfs");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3470.NASL
    descriptionAn update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host
    last seen2020-06-01
    modified2020-06-02
    plugin id118790
    published2018-11-07
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118790
    titleRHEL 7 : Virtualization Manager (RHSA-2018:3470)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2018:3470. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(118790);
      script_version("1.7");
      script_cvs_date("Date: 2019/10/24 15:35:46");
    
      script_cve_id("CVE-2018-1000805", "CVE-2018-10858", "CVE-2018-10873", "CVE-2018-10904", "CVE-2018-10907", "CVE-2018-10911", "CVE-2018-10913", "CVE-2018-10914", "CVE-2018-10923", "CVE-2018-10926", "CVE-2018-10927", "CVE-2018-10928", "CVE-2018-10929", "CVE-2018-10930", "CVE-2018-14652", "CVE-2018-14653", "CVE-2018-14654", "CVE-2018-14659", "CVE-2018-14660", "CVE-2018-14661");
      script_xref(name:"RHSA", value:"2018:3470");
    
      script_name(english:"RHEL 7 : Virtualization Manager (RHSA-2018:3470)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for imgbased, redhat-release-virtualization-host, and
    redhat-virtualization-host is now available for Red Hat Virtualization
    4 for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The redhat-virtualization-host packages provide the Red Hat
    Virtualization Host. These packages include
    redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor.
    Red Hat Virtualization Hosts (RHVH) are installed using a special
    build of Red Hat Enterprise Linux with only the packages required to
    host virtual machines. RHVH features a Cockpit user interface for
    monitoring the host's resources and performing administrative tasks.
    
    Security Fix(es) :
    
    * spice: Missing check in demarshal.py:write_validate_array_item()
    allows for buffer overflow and denial of service (CVE-2018-10873)
    
    * glusterfs: Multiple flaws (CVE-2018-10904, CVE-2018-10907,
    CVE-2018-10923, CVE-2018-10926, CVE-2018-10927, CVE-2018-10928,
    CVE-2018-10929, CVE-2018-10930, CVE-2018-10911, CVE-2018-10914,
    CVE-2018-14652, CVE-2018-14653, CVE-2018-14654, CVE-2018-14659,
    CVE-2018-14660, CVE-2018-14661, CVE-2018-10913)
    
    * samba: Insufficient input validation in libsmbclient
    (CVE-2018-10858)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, and other related information, refer to the CVE page(s)
    listed in the References section.
    
    Red Hat would like to thank Michael Hanselmann (hansmi.ch) for
    reporting CVE-2018-10904, CVE-2018-10907, CVE-2018-10923,
    CVE-2018-10926, CVE-2018-10927, CVE-2018-10928, CVE-2018-10929,
    CVE-2018-10930, CVE-2018-10911, CVE-2018-10914, CVE-2018-14652,
    CVE-2018-14653, CVE-2018-14654, CVE-2018-14659, CVE-2018-14660,
    CVE-2018-14661, and CVE-2018-10913. The CVE-2018-10873 issue was
    discovered by Frediano Ziglio (Red Hat).
    
    Bug Fix(es) :
    
    * When upgrading Red Hat Virtualization Host (RHVH), imgbased fails to
    run garbage collection on previous layers, so new logical volumes are
    removed, and the boot entry points to a logical volume that was
    removed.
    
    If the RHVH upgrade finishes successfully, the hypervisor boots
    successfully, even if garbage collection fails. (BZ#1632058)
    
    * During the upgrade process, when lvremove runs garbage collection,
    it prompts for user confirmation, causing the upgrade process to fail.
    Now the process uses 'lvremove --force' when trying to remove logical
    volumes and does not fail even if garbage collection fails, and as a
    result, the upgrade process finishes successfully. (BZ#1632585)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2018:3470"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-10858"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-10873"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-10904"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-10907"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-10911"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-10913"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-10914"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-10923"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-10926"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-10927"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-10928"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-10929"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-10930"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-14652"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-14653"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-14654"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-14659"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-14660"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-14661"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-1000805"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:imgbased");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-imgbased");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:redhat-release-virtualization-host");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:redhat-virtualization-host-image-update");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:redhat-virtualization-host-image-update-placeholder");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/11/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2018:3470";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
    
      if (! (rpm_exists(release:"RHEL7", rpm:"redhat-release-virtualization-host-4.2"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "Red Hat Virtualization 4");
    
      if (rpm_check(release:"RHEL7", reference:"imgbased-1.0.29-1.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"python-imgbased-1.0.29-1.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"redhat-release-virtualization-host-4.2-7.3.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"redhat-virtualization-host-image-update-4.2-20181026.0.el7_6")) flag++;
      if (rpm_check(release:"RHEL7", reference:"redhat-virtualization-host-image-update-placeholder-4.2-7.3.el7")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "imgbased / python-imgbased / redhat-release-virtualization-host / etc");
      }
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201904-06.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201904-06 (GlusterFS: Multiple Vulnerabilities) Multiple vulnerabilities have been discovered in GlusterFS. Please review the referenced CVE identifiers for details. Impact : Please review the referenced CVE identifiers for details. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id123580
    published2019-04-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123580
    titleGLSA-201904-06 : GlusterFS: Multiple Vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3431.NASL
    descriptionUpdated glusterfs packages that fix multiple security issues and bugs are now available for Red Hat Gluster Storage 3.4 on Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system. Security Fix(es) : * glusterfs: glusterfs server exploitable via symlinks to relative paths (CVE-2018-14651) * glusterfs: Buffer overflow in
    last seen2020-06-01
    modified2020-06-02
    plugin id118582
    published2018-11-01
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118582
    titleRHEL 6 : glusterfs (RHSA-2018:3431)

Redhat

advisories
  • rhsa
    idRHSA-2018:3431
  • rhsa
    idRHSA-2018:3432
  • rhsa
    idRHSA-2018:3470
rpms
  • glusterfs-0:3.12.2-25.el6
  • glusterfs-0:3.12.2-25.el6rhs
  • glusterfs-api-0:3.12.2-25.el6
  • glusterfs-api-0:3.12.2-25.el6rhs
  • glusterfs-api-devel-0:3.12.2-25.el6
  • glusterfs-api-devel-0:3.12.2-25.el6rhs
  • glusterfs-cli-0:3.12.2-25.el6
  • glusterfs-cli-0:3.12.2-25.el6rhs
  • glusterfs-client-xlators-0:3.12.2-25.el6
  • glusterfs-client-xlators-0:3.12.2-25.el6rhs
  • glusterfs-debuginfo-0:3.12.2-25.el6
  • glusterfs-debuginfo-0:3.12.2-25.el6rhs
  • glusterfs-devel-0:3.12.2-25.el6
  • glusterfs-devel-0:3.12.2-25.el6rhs
  • glusterfs-events-0:3.12.2-25.el6rhs
  • glusterfs-fuse-0:3.12.2-25.el6
  • glusterfs-fuse-0:3.12.2-25.el6rhs
  • glusterfs-ganesha-0:3.12.2-25.el6rhs
  • glusterfs-geo-replication-0:3.12.2-25.el6rhs
  • glusterfs-libs-0:3.12.2-25.el6
  • glusterfs-libs-0:3.12.2-25.el6rhs
  • glusterfs-rdma-0:3.12.2-25.el6
  • glusterfs-rdma-0:3.12.2-25.el6rhs
  • glusterfs-server-0:3.12.2-25.el6rhs
  • python2-gluster-0:3.12.2-25.el6
  • python2-gluster-0:3.12.2-25.el6rhs
  • redhat-storage-server-0:3.4.1.0-1.el6rhs
  • glusterfs-0:3.12.2-25.el7
  • glusterfs-0:3.12.2-25.el7rhgs
  • glusterfs-api-0:3.12.2-25.el7
  • glusterfs-api-0:3.12.2-25.el7rhgs
  • glusterfs-api-devel-0:3.12.2-25.el7
  • glusterfs-api-devel-0:3.12.2-25.el7rhgs
  • glusterfs-cli-0:3.12.2-25.el7
  • glusterfs-cli-0:3.12.2-25.el7rhgs
  • glusterfs-client-xlators-0:3.12.2-25.el7
  • glusterfs-client-xlators-0:3.12.2-25.el7rhgs
  • glusterfs-debuginfo-0:3.12.2-25.el7
  • glusterfs-debuginfo-0:3.12.2-25.el7rhgs
  • glusterfs-devel-0:3.12.2-25.el7
  • glusterfs-devel-0:3.12.2-25.el7rhgs
  • glusterfs-events-0:3.12.2-25.el7rhgs
  • glusterfs-fuse-0:3.12.2-25.el7
  • glusterfs-fuse-0:3.12.2-25.el7rhgs
  • glusterfs-ganesha-0:3.12.2-25.el7rhgs
  • glusterfs-geo-replication-0:3.12.2-25.el7rhgs
  • glusterfs-libs-0:3.12.2-25.el7
  • glusterfs-libs-0:3.12.2-25.el7rhgs
  • glusterfs-rdma-0:3.12.2-25.el7
  • glusterfs-rdma-0:3.12.2-25.el7rhgs
  • glusterfs-resource-agents-0:3.12.2-25.el7rhgs
  • glusterfs-server-0:3.12.2-25.el7rhgs
  • python2-gluster-0:3.12.2-25.el7
  • python2-gluster-0:3.12.2-25.el7rhgs
  • redhat-storage-server-0:3.4.1.0-1.el7rhgs
  • imgbased-0:1.0.29-1.el7ev
  • python-imgbased-0:1.0.29-1.el7ev
  • redhat-release-virtualization-host-0:4.2-7.3.el7
  • redhat-virtualization-host-image-update-0:4.2-20181026.0.el7_6
  • redhat-virtualization-host-image-update-placeholder-0:4.2-7.3.el7