English
Français
Light
Dark
System

Alert System

Stay informed at all times
Create an account Open a free account Login Manage your alerts

Gluster GlusterFS 3.12.12

CPE Details

Gluster GlusterFS 3.12.12
gluster
glusterfs
3.12.12
2019-05-09 13:37 +00:00
2019-05-09 13:37 +00:00
CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.
Alert management

CPE Name: cpe:2.3:a:gluster:glusterfs:3.12.12:*:*:*:*:*:*:*

Informations

Vendor

gluster

Product

glusterfs

Version

3.12.12

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2018-14651 2018-10-31 20:00 +00:00 It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths.
8.8
HIGH
CVE-2018-10929 2018-09-04 14:00 +00:00 A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes.
8.8
HIGH
CVE-2018-10930 2018-09-04 14:00 +00:00 A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.
6.5
MEDIUM
CVE-2018-10924 2018-09-04 13:00 +00:00 It was discovered that fsync(2) system call in glusterfs client code leaks memory. An authenticated attacker could use this flaw to launch a denial of service attack by making gluster clients consume memory of the host machine.
6.5
MEDIUM
CVE-2018-10926 2018-09-04 13:00 +00:00 A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node.
8.8
HIGH
CVE-2018-10927 2018-09-04 13:00 +00:00 A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process.
8.1
HIGH
CVE-2018-10928 2018-09-04 13:00 +00:00 A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes.
8.8
HIGH
CVE-2018-10911 2018-09-04 12:00 +00:00 A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.
7.5
HIGH
CVE-2018-10913 2018-09-04 12:00 +00:00 An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file.
6.5
MEDIUM
CVE-2018-10914 2018-09-04 12:00 +00:00 It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes.
6.5
MEDIUM
CVE-2018-10923 2018-09-04 12:00 +00:00 It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node.
8.1
HIGH
CVE-2018-10904 2018-09-04 11:00 +00:00 It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume.
8.8
HIGH
CVE-2018-10907 2018-09-04 11:00 +00:00 It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed buffer size to cause crash or potential code execution.
8.8
HIGH
CVE-2018-10841 2018-06-20 16:00 +00:00 glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start, stop, and delete volumes.
8.8
HIGH

More information
Click on the button to the left (OFF), to authorize the inscription of cookie improving the functionalities of the site. Click on the button to the left (Accept all), to unauthorize the inscription of cookie improving the functionalities of the site.