CVE-2018-14659
31.10.2018, 19:29
The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory.

Vendor | Product | Version |
---|---|---|
redhat | gluster_file_system | 3.0.0 ≤ 𝑥 ≤ 3.1.2 |
redhat | gluster_file_system | 4.1.0 ≤ 𝑥 ≤ 4.1.4 |
debian | debian_linux | 8.0 |
debian | debian_linux | 9.0 |
redhat | enterprise_linux_server | 6.0 |
redhat | enterprise_linux_server | 7.0 |
redhat | virtualization | 4.0 |
redhat | virtualization_host | 4.0 |

𝑥 = Vulnerable software versions
