Description
An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue an xattr request via glusterfs FUSE to determine the existence of any file.
Report
This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there. This flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and cannot be exploited from virtual machines or other hosts on the network.
Mitigation
SELinux mitigates this issue on Red Hat Gluster Storage 3. SELinux should be in enforcing mode, as permissive mode does not block attacks.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | glusterfs | Not affected | | |
| Red Hat Enterprise Linux 7 | glusterfs | Not affected | | |
| Red Hat Enterprise Linux 8 | glusterfs | Not affected | | |
| Native Client for RHEL 6 for Red Hat Storage | glusterfs | Fixed | RHSA-2018:2608 | 04.09.2018 |
| Native Client for RHEL 7 for Red Hat Storage | glusterfs | Fixed | RHSA-2018:2607 | 04.09.2018 |
| Red Hat Gluster Storage 3.4 for RHEL 6 | glusterfs | Fixed | RHSA-2018:2608 | 04.09.2018 |
| Red Hat Gluster Storage 3.4 for RHEL 6 | redhat-release-server | Fixed | RHSA-2018:2608 | 04.09.2018 |
| Red Hat Gluster Storage 3.4 for RHEL 6 | redhat-storage-server | Fixed | RHSA-2018:2608 | 04.09.2018 |
| Red Hat Gluster Storage 3.4 for RHEL 7 | glusterfs | Fixed | RHSA-2018:2607 | 04.09.2018 |
| Red Hat Gluster Storage 3.4 for RHEL 7 | redhat-release-server | Fixed | RHSA-2018:2607 | 04.09.2018 |
Additional information
CVSS3: 3.5 Low