Описание
The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack
A NULL pointer dereference flaw was found in the UnregisterHandler method implemented in the tcmu-runner daemon. A local, non-root user with access to the D-Bus system bus could call UnregisterHandler method with non-existing tcmu handler as paramater to trigger DoS.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ceph Storage 2 | tcmu-runner | Affected | ||
| Red Hat Gluster Storage 3.3 for RHEL 7 | tcmu-runner | Fixed | RHSA-2017:3277 | 29.11.2017 |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=1487247tcmu-runner: UnregisterHandler dbus method in tcmu-runner daemon for non-existing handler causes DoS
EPSS
Процентиль: 15%
0.00048
Низкий
5.5 Medium
CVSS3
Связанные уязвимости
CVSS3: 5.5
nvd
около 8 лет назад
The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack
CVSS3: 5.5
github
больше 3 лет назад
The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack
EPSS
Процентиль: 15%
0.00048
Низкий
5.5 Medium
CVSS3