Wind River Support Network

HomeDefectsLIN6-15013
Fixed

LIN6-15013 : Security Advisory - glusterfs - CVE-2018-10928

Created: Sep 17, 2018    Updated: Dec 24, 2018
Resolved Date: Nov 18, 2018
Found In Version: 6.0.0.37
Fix Version: 6.0.0.38
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace

Description

A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes.

https://nvd.nist.gov/vuln/detail/CVE-2018-10928

Other Downloads


Live chat
Online