Red Hat Gluster Storage RPM Package Unsafe Temporary File Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID: 1038128
SecurityTracker URL: http://securitytracker.com/id/1038128
Date: Mar 27 2017
Execution of arbitrary code via local system, Modification of user information, Root access via local system
Fix Available: Yes. Vendor Confirmed: Yes.
A vulnerability was reported in Red Hat Gluster Storage. A local user can obtain elevated privileges on the target system.
The glusterfs-server RPM package writes a shell script with a predictable filename in the '/tmp' directory. A local user can modify the shell script to cause arbitrary commands to be executed on the target system with root privileges.
Florian Weimer of Red Hat Product Security reported this vulnerability.
A local user can obtain root privileges on the target system.
Red Hat has issued a fix.
The Red Hat advisories are available at:
Vendor URL: rhn.redhat.com/errata/RHSA-2017-0484.html
Access control error
Underlying OS: Linux (Red Hat Enterprise)
Underlying OS Comments: 6, 7
Source Message Contents
Subject: [RHSA-2017:0484-01] Moderate: Red Hat Gluster Storage 3.2.0 security, bug fix, and enhancement update
Red Hat Security Advisory
Synopsis: Moderate: Red Hat Gluster Storage 3.2.0 security, bug fix, and enhancement update
Advisory ID: RHSA-2017:0484-01
Product: Red Hat Gluster Storage
Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0484.html
Issue date: 2017-03-23
CVE Names: CVE-2015-1795
An update is now available for Red Hat Gluster Storage 3.2 on Red Hat
Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Gluster Storage Server 3.2 on RHEL-6 - noarch, x86_64
Red Hat Storage Native Client for Red Hat Enterprise Linux 6 - noarch, x86_64
Red Hat Gluster Storage is a software only scale-out storage solution that
provides flexible and affordable unstructured data storage. It unifies data
storage and infrastructure, increases performance, and improves
availability and manageability to meet enterprise-level storage challenges.
The following packages have been upgraded to a later upstream version:
glusterfs (3.8.4), redhat-storage-server (188.8.131.52). (BZ#1362373)
* It was found that the glusterfs-server RPM package would write a file with a
predictable name into the world readable /tmp directory. A local attacker could
potentially use this flaw to escalate their privileges to root by modifying
the shell script during the installation of the glusterfs-server package.
This issue was discovered by Florian Weimer of Red Hat Product Security.
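The flaw class above (a package scriptlet writing a helper script to a predictable path under /tmp and then executing it) is shown below as an added example that is not the glusterfs package's own scriptlet: the unsafe pattern beside a hardened one that creates a private mktemp directory and verifies ownership and permissions before running the helper. The helper file name and script body are constructed for the example; it assumes a POSIX sh with mktemp and ls.

```shell
#!/bin/sh
# Added example, not code from the advisory or from glusterfs.

# Unsafe: a fixed, predictable path in the world-writable /tmp. Whatever already
# exists at that path (a file or symlink placed earlier by another local user)
# is reused, and the content stays modifiable by its owner until it is executed
# as root by the package scriptlet.
unsafe_write_helper() {
    # "example-pretrans-helper.sh" is a constructed name, not the real one.
    printf '%s\n' "$1" > /tmp/example-pretrans-helper.sh || return 1
    echo /tmp/example-pretrans-helper.sh
}

# Hardened: mktemp -d creates a fresh, unpredictably named directory with mode
# 0700, so no other user can pre-create, replace, or read the helper; umask 077
# makes the script itself 0600.
safe_write_helper() {
    umask 077
    dir=$(mktemp -d "${TMPDIR:-/tmp}/helper.XXXXXX") || return 1
    printf '%s\n' "$1" > "$dir/helper.sh" || return 1
    echo "$dir/helper.sh"
}

# Defensive check before executing any helper: must be a regular file, not a
# symlink, owned by the caller, and not group- or other-writable.
# Permission bits are read from 'ls -ld' (chars 6 and 9 are the g/o write bits)
# so the check works without GNU stat.
helper_is_trustworthy() {
    f=$1
    [ -f "$f" ] || return 1
    [ -L "$f" ] && return 1
    [ -O "$f" ] || return 1
    perms=$(ls -ld "$f" | cut -c1-10) || return 1
    case $perms in
        ?????w*|????????w*) return 1 ;;   # group- or other-writable
    esac
    return 0
}

# Execute the helper only after the check passes.
run_helper() {
    helper_is_trustworthy "$1" || return 1
    sh "$1"
}
```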
* Bricks remain stopped if server quorum is no longer met, or if server
quorum is disabled, to ensure that bricks in maintenance are not started.
* The metadata cache translator has been updated to improve Red Hat Gluster
Storage performance when reading small files. (BZ#1427783)
* The 'gluster volume add-brick' command is no longer allowed when the
replica count has increased and any replica bricks are unavailable.
* Split-brain resolution commands work regardless of whether client-side
heal or the self-heal daemon are enabled. (BZ#1403840)
* Red Hat Gluster Storage now provides Transport Layer Security support for
Samba and NFS-Ganesha. (BZ#1340608, BZ#1371475)
* A new reset-sync-time option enables resetting the sync time attribute to
zero when required. (BZ#1205162)
* Tiering demotions are now triggered at most 5 seconds after a
hi-watermark breach event. Administrators can use the
cluster.tier-query-limit volume parameter to specify the number of records
extracted from the heat database during demotion. (BZ#1361759)
* The /var/log/glusterfs/etc-glusterfs-glusterd.vol.log file is now named
* The 'gluster volume attach-tier/detach-tier' commands are considered
deprecated in favor of the new commands, 'gluster volume tier VOLNAME
* The HA_VOL_SERVER parameter in the ganesha-ha.conf file is no longer used
by Red Hat Gluster Storage. (BZ#1348954)
* The volfile server role can now be passed to another server when a server
is unavailable. (BZ#1351949)
* Ports can now be reused when they stop being used by another service.
* The thread pool limit for the rebalance process is now dynamic, and is
determined based on the number of available cores. (BZ#1352805)
* Brick verification at reboot now uses UUID instead of brick path.
* LOGIN_NAME_MAX is now used as the maximum length for the slave user
instead of __POSIX_LOGIN_NAME_MAX, allowing for up to 256 characters
including the NULL byte. (BZ#1400365)
* The client identifier is now included in the log message to make it
easier to determine which client failed to connect. (BZ#1333885)
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
5. Bugs fixed (https://bugzilla.redhat.com/):
1200927 - CVE-2015-1795 glusterfs: glusterfs-server %pretrans rpm script temporary file issue
1362373 - [RHEL6] Rebase glusterfs at RHGS-3.2.0 release
1375059 - [RHEL-6] Include vdsm and related dependency packages at RHGS 3.2.0 ISO
1382319 - [RHEL6] SELinux prevents FUSE mounting of RDMA transport type volumes
1403587 - [Perf] : pcs cluster resources went into stopped state during Multithreaded perf tests on RHGS layered over RHEL 6
1403919 - [Ganesha] : pcs status is not the same across the ganesha cluster in RHEL 6 environment
1404551 - Lower version of packages subscription-manager, python-rhsm found in RHGS3.2 RHEL6 ISO.
1424944 - [Ganesha] : Unable to bring up a Ganesha HA cluster on RHEL 6.9.
1425748 - [GANESHA] Adding a node to existing ganesha cluster is failing on rhel 6.9
1432972 - /etc/pki/product/69.pem shows version as 6.8 for RHGS3.2.0(6.9)
6. Package List:
Red Hat Gluster Storage Server 3.2 on RHEL-6:
Red Hat Storage Native Client for Red Hat Enterprise Linux 6:
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
The Red Hat security contact is <email@example.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc.