CLSA-2026-1777566732
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1777566732.json
- JSON Data
- https://api.osv.dev/v1/vulns/CLSA-2026-1777566732
- Upstream
- Published
- 2026-04-30T16:32:33Z
- Modified
- 2026-06-04T09:47:03.639873152Z
- Summary
- Fix CVE(s): CVE-2018-10841
- Details
-
- SECURITY UPDATE: privilege escalation on glusterd nodes via the CLI
RPC program being exposed on the TCP listener when management-plane
SSL is enabled, allowing a TLS-authenticated client outside the
trusted storage pool to issue privileged volume-management commands
via gluster --remote-host
- debian/patches/CVE-2018-10841.patch: drop gdinetprograms[1] = &gdsvccli_prog rebinding in glusterd init() so the trusted-pool CLI program remains bound to the TCP listener and the full CLI RPC program continues to be served only over the local UNIX domain socket
- CVE-2018-10841
- SECURITY UPDATE: privilege escalation on glusterd nodes via the CLI
RPC program being exposed on the TCP listener when management-plane
SSL is enabled, allowing a TLS-authenticated client outside the
trusted storage pool to issue privileged volume-management commands
via gluster --remote-host
- References
Affected packages
TuxCare:Ubuntu:16.04 / glusterfs-client
Package
- Name
- glusterfs-client
- Purl
- pkg:deb/tuxcare/glusterfs-client?distro=ubuntu-16.04
TuxCare:Ubuntu:16.04 / glusterfs-common
Package
- Name
- glusterfs-common
- Purl
- pkg:deb/tuxcare/glusterfs-common?distro=ubuntu-16.04