Описание
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths.
Отчет
This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | glusterfs | Not affected | ||
| Red Hat Enterprise Linux 7 | glusterfs | Not affected | ||
| Red Hat Enterprise Linux 8 | glusterfs | Not affected | ||
| Native Client for RHEL 6 for Red Hat Storage | glusterfs | Fixed | RHSA-2018:3431 | 31.10.2018 |
| Native Client for RHEL 7 for Red Hat Storage | glusterfs | Fixed | RHSA-2018:3432 | 31.10.2018 |
| Red Hat Gluster Storage 3.4 for RHEL 6 | glusterfs | Fixed | RHSA-2018:3431 | 31.10.2018 |
| Red Hat Gluster Storage 3.4 for RHEL 6 | redhat-storage-server | Fixed | RHSA-2018:3431 | 31.10.2018 |
| Red Hat Gluster Storage 3.4 for RHEL 7 | glusterfs | Fixed | RHSA-2018:3432 | 31.10.2018 |
| Red Hat Gluster Storage 3.4 for RHEL 7 | redhat-storage-server | Fixed | RHSA-2018:3432 | 31.10.2018 |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | glusterfs | Fixed | RHSA-2018:3432 | 31.10.2018 |
Показывать по
Дополнительная информация
Статус:
EPSS
8.8 High
CVSS3
Связанные уязвимости
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths.
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths.
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018 ...
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths.
Уязвимость файловой системы GlusterFS, связанная с некорректным определением ссылки перед доступом к файлу, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
EPSS
8.8 High
CVSS3