Description
It was found that the use of the snprintf function in the feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause a remote denial of service.
Statement
This issue did not affect Red Hat Enterprise Linux 6 and 7, as the flaw is present in glusterfs-server, which is not shipped there. This flaw affects the glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and cannot be exploited from virtual machines or other hosts on the network.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | glusterfs | Not affected | | |
| Red Hat Enterprise Linux 7 | glusterfs | Not affected | | |
| Red Hat Enterprise Linux 8 | glusterfs | Not affected | | |
| Native Client for RHEL 6 for Red Hat Storage | glusterfs | Fixed | RHSA-2018:3431 | 31.10.2018 |
| Native Client for RHEL 7 for Red Hat Storage | glusterfs | Fixed | RHSA-2018:3432 | 31.10.2018 |
| Red Hat Gluster Storage 3.4 for RHEL 6 | glusterfs | Fixed | RHSA-2018:3431 | 31.10.2018 |
| Red Hat Gluster Storage 3.4 for RHEL 6 | redhat-storage-server | Fixed | RHSA-2018:3431 | 31.10.2018 |
| Red Hat Gluster Storage 3.4 for RHEL 7 | glusterfs | Fixed | RHSA-2018:3432 | 31.10.2018 |
| Red Hat Gluster Storage 3.4 for RHEL 7 | redhat-storage-server | Fixed | RHSA-2018:3432 | 31.10.2018 |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | glusterfs | Fixed | RHSA-2018:3432 | 31.10.2018 |
Additional information
CVSS3: 6.5 Medium
Related vulnerabilities
Vulnerability in the snprintf function of the GlusterFS file system that allows an attacker to cause a denial of service