Wind River Support Network

HomeDefectsLIN8-10102
Fixed

LIN8-10102 : Security Advisory - glusterfs - CVE-2018-14659

Created: Nov 19, 2018    Updated: Dec 21, 2018
Resolved Date: Nov 26, 2018
Found In Version: 8.0
Fix Version: 8.0.0.28
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Userspace

Description

The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14659

Other Downloads


CVEs


Live chat
Online