Wind River Support Network

HomeDefectsLIN8-9809
Fixed

LIN8-9809 : Security Advisory - glusterfs - CVE-2018-10928

Created: Sep 17, 2018    Updated: Dec 21, 2018
Resolved Date: Oct 9, 2018
Found In Version: 8.0.0.27
Fix Version: 8.0.0.28
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Userspace

Description

A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes.

https://nvd.nist.gov/vuln/detail/CVE-2018-10928

Other Downloads


CVEs


Live chat
Online