Description
It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes.
CVSS breakdown
CVSS 3.0
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
Affected products
- Red Hat / glusterfsn/a – n/a
References
- VENDOR_ADVISORYhttps://access.redhat.com/errata/RHSA-2018:2607
- MAILING_LISThttps://lists.debian.org/debian-lts-announce/2018/09/msg00021.html
- MISChttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10914
- VENDOR_ADVISORYhttps://access.redhat.com/errata/RHSA-2018:2608
- VENDOR_ADVISORYhttps://access.redhat.com/errata/RHSA-2018:3470
- MISChttps://security.gentoo.org/glsa/201904-06
- MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html
- MAILING_LISThttps://lists.debian.org/debian-lts-announce/2021/11/msg00000.html