The GlusterFS functionality in Red Hat Storage Management Console 2.0, Native Client, and Server 2.0 allows local users to overwrite arbitrary files via a symlink attack on multiple temporary files created by (1) tests/volume.rc, (2) extras/hook-scripts/S30samba-stop.sh, and possibly other vectors, different vulnerabilities than CVE-2012-4417.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Glusterfs | Gluster | - (including) | - (including) |
| Storage_management_console | Redhat | 2.0 (including) | 2.0 (including) |
| Storage_native_client | Redhat | - (including) | - (including) |
| Storage_server | Redhat | 2.0 (including) | 2.0 (including) |
| Native Client for RHEL 5 for Red Hat Storage | RedHat | glusterfs-0:3.3.0.7rhs-1.el5 | * |
| Native Client for RHEL 6 for Red Hat Storage | RedHat | glusterfs-0:3.3.0.7rhs-1.el6 | * |
| Red Hat Storage 2.0 | RedHat | appliance-0:1.7.1-1.el6rhs | * |
| Red Hat Storage 2.0 | RedHat | augeas-0:0.9.0-1.el6 | * |
| Red Hat Storage 2.0 | RedHat | glusterfs-0:3.3.0.7rhs-1.el6rhs | * |
| Red Hat Storage 2.0 | RedHat | gluster-swift-0:1.4.8-5.el6rhs | * |
| Red Hat Storage 2.0 | RedHat | libvirt-0:0.9.10-21.el6_3.8 | * |
| Red Hat Storage 2.0 | RedHat | rhn-client-tools-0:1.0.0-73.el6rhs | * |
| Red Hat Storage 2.0 | RedHat | sanlock-0:2.3-4.el6_3 | * |
| Red Hat Storage 2.0 | RedHat | sos-0:2.2-17.2.el6rhs | * |
| Red Hat Storage 2.0 | RedHat | vdsm-0:4.9.6-20.el6rhs | * |
| Red Hat Storage 2.0 Console | RedHat | org.ovirt.engine-root-0:2.0.techpreview1-4 | * |
| Red Hat Storage 2.0 Console | RedHat | vdsm-0:4.9.6-20.el6rhs | * |
| Glusterfs | Ubuntu | lucid | * |
| Glusterfs | Ubuntu | oneiric | * |
| Glusterfs | Ubuntu | precise | * |
| Glusterfs | Ubuntu | quantal | * |
| Glusterfs | Ubuntu | raring | * |
| Glusterfs | Ubuntu | saucy | * |
| Glusterfs | Ubuntu | upstream | * |
| Glusterfs | Ubuntu | utopic | * |
| Glusterfs | Ubuntu | vivid | * |
| Glusterfs | Ubuntu | wily | * |