Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-1795

Опубликовано: 16 мар. 2015
Источник: redhat
CVSS3: 4.8
CVSS2: 4.4
EPSS Низкий

Описание

Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root.

It was found that glusterfs-server RPM package would write file with predictable name into world readable /tmp directory. A local attacker could potentially use this flaw to escalate their privileges to root by modifying the shell script during the installation of the glusterfs-server package.

Отчет

This issue did not affect the versions of glusterfs as shipped with Red Hat Enterprise Linux 6, and 7.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6glusterfsNot affected
Red Hat Storage 2.1glusterfsWill not fix
Native Client for RHEL 6 for Red Hat StorageglusterfsFixedRHSA-2017:048423.03.2017
Native Client for RHEL 7 for Red Hat StorageglusterfsFixedRHSA-2017:048623.03.2017
Red Hat Gluster Storage 3.2 for RHEL 6glusterfsFixedRHSA-2017:048423.03.2017
Red Hat Gluster Storage 3.2 for RHEL 6redhat-storage-serverFixedRHSA-2017:048423.03.2017
Red Hat Gluster Storage 3.2 for RHEL 7glusterfsFixedRHSA-2017:048623.03.2017
Red Hat Gluster Storage 3.2 for RHEL 7redhat-storage-serverFixedRHSA-2017:048623.03.2017
Red Hat Gluster Storage 3.2 for RHEL 7vdsmFixedRHSA-2017:048623.03.2017
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7glusterfsFixedRHSA-2017:048623.03.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-377
https://bugzilla.redhat.com/show_bug.cgi?id=1200927glusterfs: glusterfs-server %pretrans rpm script temporary file issue

EPSS

Процентиль: 20%
0.00064
Низкий

4.8 Medium

CVSS3

4.4 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-1795

CVSS3: 7.8
ubuntu
больше 8 лет назад

Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root.

nvd логотип

CVE-2015-1795

CVSS3: 7.8
nvd
больше 8 лет назад

Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root.

debian логотип

CVE-2015-1795

CVSS3: 7.8
debian
больше 8 лет назад

Red Hat Gluster Storage RPM Package 3.2 allows local users to gain pri ...

github логотип

GHSA-vq9q-mjvr-qpfx

CVSS3: 7.8
github
больше 3 лет назад

Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root.

EPSS

Процентиль: 20%
0.00064
Низкий

4.8 Medium

CVSS3

4.4 Medium

CVSS2