Wind River Support Network

HomeDefectsLIN1018-2983
Fixed

LIN1018-2983 : Security Advisory - glusterfs - CVE-2018-14654

Created: Nov 18, 2018    Updated: Sep 13, 2022
Resolved Date: Jan 28, 2019
Found In Version: unknown
Fix Version: 10.18.44.4
Severity: Standard
Applicable for: Wind River Linux LTS 18
Component/s: Userspace

Description

The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14654

CVEs


Live chat
Online