CVE-2018-1088

Priority
Description
A privilege escalation flaw was found in gluster 3.x snapshot scheduler.
Any gluster client allowed to mount gluster volumes could also mount shared
gluster storage volume and escalate privileges by scheduling malicious
cronjob via symlink.
Ubuntu-Description
It was discovered that GlusterFS incorrectly handled mounting gluster volumes.
An attacker could possibly use this issue to also mount shared gluster volumes
and escalate privileges through malicious cronjobs.
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 19.04 (Disco Dingo):not-affected (4.0.2-1)
Ubuntu 19.10 (Eoan):not-affected (4.0.2-1)
More Information

Updated: 2019-09-19 14:42:49 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)