CVE-2017-1000198

Опубликовано: 21 мая 2017

Источник: redhat

CVSS3: 5.5

Описание

tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service

A flaw was found in the implementation of CheckConfig method in handler_glfs.so of the tcmu-runner daemon. A local, non-root user with access to the D-Bus system bus could send a specially crafted string to CheckConfig method resulting in various kinds of segmentation fault.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Ceph Storage 2	tcmu-runner	Affected
Red Hat Gluster Storage 3.3 for RHEL 7	tcmu-runner	Fixed	RHSA-2017:3277	29.11.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-416

https://bugzilla.redhat.com/show_bug.cgi?id=1487246tcmu-runner: glfs handler allows local DoS via crafted CheckConfig strings

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2017-1000198

CVSS3: 7.5

nvd

около 8 лет назад

tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service

GHSA-m52m-q7q8-xjgc

CVSS3: 7.5

github

больше 3 лет назад

tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service

SUSE-SU-2017:2601-1

suse-cvrf

больше 8 лет назад

Security update for tcmu-runner

5.5 Medium

CVSS3