Description
The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of service.
A buffer overflow was found in the strncpy call in the pl_getxattr() function. An authenticated attacker could remotely overflow the buffer by sending a buffer longer than the size of the key, resulting in a remote denial of service.
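The bug class described above, as an added example that is not Gluster's code: a strncpy whose length is taken from the caller-supplied name rather than from the fixed-size key buffer, next to a checked copy that refuses oversized names. `KEY_MAX`, the function names and the sample xattr name are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define KEY_MAX 32  /* assumed size of the fixed key buffer (hypothetical) */

/* Vulnerable pattern: the copy length comes from the caller-supplied name,
 * not from the destination, so a long name writes past key[]. */
static void copy_key_unsafe(char key[KEY_MAX], const char *name)
{
    strncpy(key, name, strlen(name) + 1);
}

/* Hardened form: look for the terminator within the destination size and
 * reject anything that does not fit, terminator included. */
static int copy_key_checked(char *key, size_t key_size, const char *name)
{
    const char *end;

    if (key == NULL || name == NULL || key_size == 0)
        return -EINVAL;
    end = memchr(name, '\0', key_size);  /* scans at most key_size bytes */
    if (end == NULL)
        return -ERANGE;  /* too long: refuse instead of silently truncating */
    memcpy(key, name, (size_t)(end - name) + 1);
    return 0;
}

int main(void)
{
    char key[KEY_MAX];
    char long_name[4 * KEY_MAX];

    /* Constructed inputs: one name that fits, one that is oversized. */
    memset(long_name, 'A', sizeof(long_name) - 1);
    long_name[sizeof(long_name) - 1] = '\0';

    printf("short: %d\n", copy_key_checked(key, sizeof(key), "trusted.example.cmd"));
    printf("long:  %d\n", copy_key_checked(key, sizeof(key), long_name));
    (void)copy_key_unsafe;  /* shown for contrast, never called */
    return 0;
}
```

Returning an error for an oversized name, rather than truncating it, keeps a shortened key from being matched against a different command.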
Statement
This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there. This flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and cannot be exploited from virtual machines or other hosts on the network.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | glusterfs | Not affected | | |
| Red Hat Enterprise Linux 7 | glusterfs | Not affected | | |
| Red Hat Enterprise Linux 8 | glusterfs | Not affected | | |
| Native Client for RHEL 6 for Red Hat Storage | glusterfs | Fixed | RHSA-2018:3431 | 31.10.2018 |
| Native Client for RHEL 7 for Red Hat Storage | glusterfs | Fixed | RHSA-2018:3432 | 31.10.2018 |
| Red Hat Gluster Storage 3.4 for RHEL 6 | glusterfs | Fixed | RHSA-2018:3431 | 31.10.2018 |
| Red Hat Gluster Storage 3.4 for RHEL 6 | redhat-storage-server | Fixed | RHSA-2018:3431 | 31.10.2018 |
| Red Hat Gluster Storage 3.4 for RHEL 7 | glusterfs | Fixed | RHSA-2018:3432 | 31.10.2018 |
| Red Hat Gluster Storage 3.4 for RHEL 7 | redhat-storage-server | Fixed | RHSA-2018:3432 | 31.10.2018 |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | glusterfs | Fixed | RHSA-2018:3432 | 31.10.2018 |
Additional information
CVSS3: 6.5 Medium