Wind River Support Network

HomeDefectsLIN9-7773
Fixed

LIN9-7773 : Security Advisory - glusterfs - CVE-2018-14659

Created: Nov 19, 2018    Updated: Dec 24, 2018
Resolved Date: Nov 22, 2018
Found In Version: unknown
Fix Version: 9.0.0.19
Severity: Standard
Applicable for: Wind River Linux 9
Component/s: Userspace

Description

The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14659

Other Downloads


CVEs


Live chat
Online