SecurityTracker.com
SecurityTracker Archives

Category:  Application (File Transfer/Sharing) > Red Hat Gluster Storage
Vendors:  Red Hat
Red Hat Gluster Storage RPM Package Unsafe Temporary File Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1038128
SecurityTracker URL:  http://securitytracker.com/id/1038128
CVE Reference:  CVE-2015-1795
Date:  Mar 27 2017
Impact:   Execution of arbitrary code via local system, Modification of user information, Root access via local system
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 3.2
Description:   A vulnerability was reported in Red Hat Gluster Storage. A local user can obtain elevated privileges on the target system.

The glusterfs-server RPM package writes a shell script with a predictable filename in the '/tmp' directory. A local user can modify the shell script to cause arbitrary commands to be executed on the target system with root privileges.
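The flaw described above (and again in the advisory's Security Fix paragraph below) is a package scriptlet writing a helper script under a fixed, predictable name in the shared /tmp directory, where any local user can pre-create or replace the file before root runs it. The following is an added example, not code from the advisory or from the glusterfs packaging: it puts the unsafe pattern beside a version that creates a private mktemp directory, and adds a precondition check a scriptlet can run before executing such a file. It assumes GNU coreutils and findutils (`mktemp -d`, `stat`, `find -perm /mode`) on Linux; every file name and script body in it is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory or the glusterfs packaging).
# Contrasts a predictable /tmp helper path with a private mktemp directory,
# and checks a helper before executing it. Assumes GNU coreutils/findutils.
# File names and the helper body are constructed for illustration.

HELPER_BODY='#!/bin/sh
echo "helper ran"
'

# Unsafe: fixed, predictable path in the shared, world-writable /tmp.
# A local user can create this file (or a symlink at this path) before the
# package installs, so the file root later executes may not be root's own.
unsafe_write_helper() {
    helper=/tmp/glusterfs-pretrans-helper.sh    # constructed name
    printf '%s' "$HELPER_BODY" > "$helper" || return 1
    chmod 0755 "$helper" || return 1
    echo "$helper"
}

# Safer: a private directory from mktemp -d (mode 0700, unpredictable name),
# with the helper written under a restrictive umask. The caller removes the
# directory when done.
safe_write_helper() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/glusterfs-pretrans.XXXXXX") || return 1
    helper="$dir/helper.sh"
    ( umask 077 && printf '%s' "$HELPER_BODY" > "$helper" ) || return 1
    chmod 0700 "$helper" || return 1
    echo "$helper"
}

# Precondition check before executing a helper script:
#  - it is a regular file, not a symlink, owned by the current user;
#  - its parent directory is likewise owned by the current user;
#  - neither the file nor the directory is group- or other-writable,
#    so a helper sitting directly in a shared /tmp (mode 1777) fails.
check_helper() {
    f=$1
    d=$(dirname "$f")
    [ -f "$f" ] && [ ! -L "$f" ] && [ -O "$f" ] || return 1
    [ -d "$d" ] && [ ! -L "$d" ] && [ -O "$d" ] || return 1
    [ -z "$(find "$f" -maxdepth 0 -perm /022)" ] || return 1
    [ -z "$(find "$d" -maxdepth 0 -perm /022)" ] || return 1
    return 0
}

# Create the helper privately, verify it, run it, and clean up.
# Returns the helper's exit status, or 1 if the check fails.
run_safe_helper() {
    helper=$(safe_write_helper) || return 1
    if check_helper "$helper"; then
        sh "$helper"
        rc=$?
    else
        rc=1
    fi
    rm -rf "$(dirname "$helper")"
    return $rc
}
```

The check deliberately inspects the parent directory as well as the file: a file in /tmp can have sane ownership and mode and still have been placed there by someone else, which is why the private directory, not the file permissions alone, is what closes the race.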

Florian Weimer of Red Hat Product Security reported this vulnerability.

Impact:   A local user can obtain root privileges on the target system.
Solution:   Red Hat has issued a fix.

The Red Hat advisories are available at:

https://rhn.redhat.com/errata/RHSA-2017-0484.html
https://rhn.redhat.com/errata/RHSA-2017-0486.html

Vendor URL:  rhn.redhat.com/errata/RHSA-2017-0484.html
Cause:   Access control error
Underlying OS:  Linux (Red Hat Enterprise)
Underlying OS Comments:  6, 7

Message History:   None.


Source Message Contents

Subject:  [RHSA-2017:0484-01] Moderate: Red Hat Gluster Storage 3.2.0 security, bug fix, and enhancement update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Gluster Storage 3.2.0 security, bug fix, and enhancement update
Advisory ID:       RHSA-2017:0484-01
Product:           Red Hat Gluster Storage
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2017-0484.html
Issue date:        2017-03-23
CVE Names:         CVE-2015-1795 
=====================================================================

1. Summary:

An update is now available for Red Hat Gluster Storage 3.2 on Red Hat
Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Gluster Storage Server 3.2 on RHEL-6 - noarch, x86_64
Red Hat Storage Native Client for Red Hat Enterprise Linux 6 - noarch, x86_64

3. Description:

Red Hat Gluster Storage is a software only scale-out storage solution that
provides flexible and affordable unstructured data storage. It unifies data
storage and infrastructure, increases performance, and improves
availability and manageability to meet enterprise-level storage challenges.

The following packages have been upgraded to a later upstream version:
glusterfs (3.8.4), redhat-storage-server (3.2.0.3). (BZ#1362373)

Security Fix(es):

* It was found that the glusterfs-server RPM package would write a file with
a predictable name into the world-readable /tmp directory. A local attacker
could potentially use this flaw to escalate their privileges to root by
modifying the shell script during the installation of the glusterfs-server
package. (CVE-2015-1795)

This issue was discovered by Florian Weimer of Red Hat Product Security.

Bug Fix(es):

* Bricks remain stopped if server quorum is no longer met, or if server
quorum is disabled, to ensure that bricks in maintenance are not started
incorrectly. (BZ#1340995)

* The metadata cache translator has been updated to improve Red Hat Gluster
Storage performance when reading small files. (BZ#1427783)

* The 'gluster volume add-brick' command is no longer allowed when the
replica count has increased and any replica bricks are unavailable.
(BZ#1404989)

* Split-brain resolution commands work regardless of whether client-side
heal or the self-heal daemon are enabled. (BZ#1403840)

Enhancement(s):

* Red Hat Gluster Storage now provides Transport Layer Security support for
Samba and NFS-Ganesha. (BZ#1340608, BZ#1371475)

* A new reset-sync-time option enables resetting the sync time attribute to
zero when required. (BZ#1205162)

* Tiering demotions are now triggered at most 5 seconds after a
hi-watermark breach event. Administrators can use the
cluster.tier-query-limit volume parameter to specify the number of records
extracted from the heat database during demotion. (BZ#1361759)

* The /var/log/glusterfs/etc-glusterfs-glusterd.vol.log file is now named
/var/log/glusterfs/glusterd.log. (BZ#1306120)

* The 'gluster volume attach-tier/detach-tier' commands are considered
deprecated in favor of the new commands, 'gluster volume tier VOLNAME
attach/detach'. (BZ#1388464)

* The HA_VOL_SERVER parameter in the ganesha-ha.conf file is no longer used
by Red Hat Gluster Storage. (BZ#1348954)

* The volfile server role can now be passed to another server when a server
is unavailable. (BZ#1351949)

* Ports can now be reused when they stop being used by another service.
(BZ#1263090)

* The thread pool limit for the rebalance process is now dynamic, and is
determined based on the number of available cores. (BZ#1352805)

* Brick verification at reboot now uses UUID instead of brick path.
(BZ#1336267)

* LOGIN_NAME_MAX is now used as the maximum length for the slave user
instead of __POSIX_LOGIN_NAME_MAX, allowing for up to 256 characters
including the NULL byte. (BZ#1400365)

* The client identifier is now included in the log message to make it
easier to determine which client failed to connect. (BZ#1333885)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1200927 - CVE-2015-1795 glusterfs: glusterfs-server %pretrans rpm script temporary file issue
1362373 - [RHEL6] Rebase glusterfs at RHGS-3.2.0 release
1375059 - [RHEL-6] Include vdsm and related dependency packages at RHGS 3.2.0 ISO
1382319 - [RHEL6] SELinux prevents FUSE mounting of RDMA transport type volumes
1403587 - [Perf] : pcs cluster resources went into stopped state during Multithreaded perf tests on RHGS layered over RHEL 6
1403919 - [Ganesha] : pcs status is not the same across the ganesha cluster in RHEL 6 environment
1404551 - Lower version of packages  subscription-manager, python-rhsm found in RHGS3.2 RHEL6 ISO.
1424944 - [Ganesha] : Unable to bring up a Ganesha HA cluster on RHEL 6.9.
1425748 - [GANESHA] Adding a node to existing ganesha cluster is failing on rhel 6.9
1432972 - /etc/pki/product/69.pem shows version as 6.8 for RHGS3.2.0(6.9)

6. Package List:

Red Hat Gluster Storage Server 3.2 on RHEL-6:

Source:
glusterfs-3.8.4-18.el6rhs.src.rpm
redhat-storage-server-3.2.0.3-1.el6rhs.src.rpm

noarch:
python-gluster-3.8.4-18.el6rhs.noarch.rpm
redhat-storage-server-3.2.0.3-1.el6rhs.noarch.rpm

x86_64:
glusterfs-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-api-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-api-devel-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-cli-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-client-xlators-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-debuginfo-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-devel-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-events-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-fuse-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-ganesha-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-geo-replication-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-libs-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-rdma-3.8.4-18.el6rhs.x86_64.rpm
glusterfs-server-3.8.4-18.el6rhs.x86_64.rpm

Red Hat Storage Native Client for Red Hat Enterprise Linux 6:

Source:
glusterfs-3.8.4-18.el6.src.rpm

noarch:
python-gluster-3.8.4-18.el6.noarch.rpm

x86_64:
glusterfs-3.8.4-18.el6.x86_64.rpm
glusterfs-api-3.8.4-18.el6.x86_64.rpm
glusterfs-api-devel-3.8.4-18.el6.x86_64.rpm
glusterfs-cli-3.8.4-18.el6.x86_64.rpm
glusterfs-client-xlators-3.8.4-18.el6.x86_64.rpm
glusterfs-debuginfo-3.8.4-18.el6.x86_64.rpm
glusterfs-devel-3.8.4-18.el6.x86_64.rpm
glusterfs-fuse-3.8.4-18.el6.x86_64.rpm
glusterfs-libs-3.8.4-18.el6.x86_64.rpm
glusterfs-rdma-3.8.4-18.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-1795
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_gluster_storage/3.2/html/3.2_release_notes/

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFY03feXlSAg2UNWIIRAi0IAKCAPNVKyHaPOco5w6QEeh8tB+oAfgCff5vP
dPfGgxihI4HOWaOS0LIXdPo=
=UX0C
-----END PGP SIGNATURE-----


--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Copyright 2019, SecurityGlobal.net LLC