NVD Vulnerability Detail

CVE-2018-10923

Summary	It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node.
Publication Date	Sept. 4, 2018, 11:29 p.m.
Registration Date	March 1, 2021, 6:44 p.m.
Last Update	Nov. 21, 2024, 12:42 p.m.

Affected software configurations

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
cpe:2.3:o:debian:debian_linux:8.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
cpe:2.3:o:debian:debian_linux:9.0:::::::*
cpe:2.3:a:redhat:virtualization_host:4.0:::::::*

Configuration3		or higher	or less	more than	less than
cpe:2.3:o:opensuse:leap:15.1:::::::*

Related information, measures and tools

No	URL	タグ
1	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html	Mailing List Third Party Advisory
2	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html	Mailing List Third Party Advisory
3	https://access.redhat.com/errata/RHSA-2018:2607	Third Party Advisory
4	https://access.redhat.com/errata/RHSA-2018:2607	Third Party Advisory
5	https://access.redhat.com/errata/RHSA-2018:2608	Third Party Advisory
6	https://access.redhat.com/errata/RHSA-2018:2608	Third Party Advisory
7	https://access.redhat.com/errata/RHSA-2018:3470	Third Party Advisory
8	https://access.redhat.com/errata/RHSA-2018:3470	Third Party Advisory
9	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10923	Issue Tracking Mitigation
10	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10923	Issue Tracking Mitigation
11	https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html	Mailing List Third Party Advisory
12	https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html	Mailing List Third Party Advisory
13	https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html	Mailing List Third Party Advisory
14	https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html	Mailing List Third Party Advisory
15	https://security.gentoo.org/glsa/201904-06	Third Party Advisory
16	https://security.gentoo.org/glsa/201904-06	Third Party Advisory

Common Vulnerabilities List

JVN Vulnerability Information

glusterfs サーバにおける入力確認に関する脆弱性

Title	glusterfs サーバにおける入力確認に関する脆弱性
Summary	glusterfs サーバには、入力確認に関する脆弱性が存在します。
Possible impacts	情報を取得される、および情報を改ざんされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Sept. 4, 2018, midnight
Registration Date	Dec. 12, 2018, 5:22 p.m.
Last Update	Dec. 12, 2018, 5:22 p.m.

Affected System

レッドハット

Red Hat Enterprise Linux Server

Red Hat Virtualization

Red Hat Virtualization Host

Debian

Debian GNU/Linux

Gluster, Inc.

GlusterFS

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2018-10923	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10923
National Vulnerability Database (NVD)
2	CVE-2018-10923	https://nvd.nist.gov/vuln/detail/CVE-2018-10923

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html

ベンダー情報

No	Name	URL
Debian
1	[SECURITY] [DLA 1510-1] glusterfs security update	https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html
Gluster
2	GlusterFS Documentation	https://docs.gluster.org/en/latest/
Red Hat Bugzilla
3	Bug 1610659	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10923
Red Hat Security Advisory
4	RHSA-2018:2607	https://access.redhat.com/errata/RHSA-2018:2607
5	RHSA-2018:2608	https://access.redhat.com/errata/RHSA-2018:2608
6	RHSA-2018:3470	https://access.redhat.com/errata/RHSA-2018:3470

Change Log

No	Changed Details	Date of change
1	[2018年12月12日] 掲載	Dec. 12, 2018, 5:22 p.m.