Wind River Support Network

HomeDefectsLIN10-4698

Fixed

LIN10-4698 : Security Advisory - glusterfs - CVE-2018-10904

Created: Sep 17, 2018 Updated: Dec 24, 2018

Resolved Date: Oct 15, 2018

Found In Version: 10.17.41.1

Fix Version: 10.17.41.12

Severity: Standard

Applicable for: Wind River Linux LTS 17

Component/s: Userspace

Description

It was found that glusterfs server does not properly sanitize file paths in the trusted.io-stats-dump extended attribute which is used by the debug/io-stats translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume.

https://nvd.nist.gov/vuln/detail/CVE-2018-10904

Other Downloads

Wind River Linux LTS 10.17.41.12
Wind River Linux LTS 10.17.41.13
Wind River Linux LTS 10.17.41.14
Wind River Linux LTS 10.17.41.15
Wind River Linux LTS 10.17.41.16
Wind River Linux LTS 10.17.41.17
Wind River Linux LTS 10.17.41.18
Wind River Linux LTS 10.17.41.20
Wind River Linux LTS 10.17.41.21
Wind River Linux LTS 10.17.41.22
Wind River Linux LTS 10.17.41.23
Wind River Linux LTS 10.17.41.24
Wind River Linux LTS 10.17.41.25
Wind River Linux LTS 10.17.41.26
Wind River Linux LTS 10.17.41.27

CVEs

CVE-2018-10904