Main
Vulnerability Database
Exploits
ID:1966 - Exploit for Symlink attack in Red Hat Gluster Storage Server for On-premise - CVE-2018-1088
ID:1966 - Exploit for Symlink attack in Red Hat Gluster Storage Server for On-premise - CVE-2018-1088
Published: March 18, 2020
Vulnerability identifier: #VU12150
Vulnerability risk: Low
CVE-ID: CVE-2018-1088
CWE-ID: CWE-61
Exploitation vector: Adjecent network
Vulnerable software:
Red Hat Gluster Storage Server for On-premise
Red Hat Gluster Storage Server for On-premise
Link to public exploit:
Vulnerability description
The vulnerability allows an adjacent unauthenticated attacker to gain elevated privileges on the target system.
The weakness exists in the snapshot scheduler due to improper security restrictions during the mounting of gluster volumes. An adjacent attacker can access a gluster node, perform symbolic link attack that is designed to schedule malicious cronjobs and gain root privileges.
The weakness exists in the snapshot scheduler due to improper security restrictions during the mounting of gluster volumes. An adjacent attacker can access a gluster node, perform symbolic link attack that is designed to schedule malicious cronjobs and gain root privileges.
Remediation
Install update from vendor's website.