ID CVE-2018-10914
Summary It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes.
References
Vulnerable Configurations
  • cpe:2.3:a:gluster:glusterfs:3.12.0:-:*:*:*:*:*:*
    cpe:2.3:a:gluster:glusterfs:3.12.0:-:*:*:*:*:*:*
  • cpe:2.3:a:gluster:glusterfs:3.12.0:alpha1:*:*:*:*:*:*
    cpe:2.3:a:gluster:glusterfs:3.12.0:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:gluster:glusterfs:3.12.0:rc0:*:*:*:*:*:*
    cpe:2.3:a:gluster:glusterfs:3.12.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:gluster:glusterfs:3.12.1:*:*:*:*:*:*:*
    cpe:2.3:a:gluster:glusterfs:3.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gluster:glusterfs:3.12.2:*:*:*:*:*:*:*
    cpe:2.3:a:gluster:glusterfs:3.12.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gluster:glusterfs:3.12.3:*:*:*:*:*:*:*
    cpe:2.3:a:gluster:glusterfs:3.12.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gluster:glusterfs:3.12.4:*:*:*:*:*:*:*
    cpe:2.3:a:gluster:glusterfs:3.12.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gluster:glusterfs:3.12.5:*:*:*:*:*:*:*
    cpe:2.3:a:gluster:glusterfs:3.12.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gluster:glusterfs:3.12.6:*:*:*:*:*:*:*
    cpe:2.3:a:gluster:glusterfs:3.12.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gluster:glusterfs:3.12.7:*:*:*:*:*:*:*
    cpe:2.3:a:gluster:glusterfs:3.12.7:*:*:*:*:*:*:*
  • cpe:2.3:a:gluster:glusterfs:3.12.8:*:*:*:*:*:*:*
    cpe:2.3:a:gluster:glusterfs:3.12.8:*:*:*:*:*:*:*
  • cpe:2.3:a:gluster:glusterfs:3.12.9:*:*:*:*:*:*:*
    cpe:2.3:a:gluster:glusterfs:3.12.9:*:*:*:*:*:*:*
  • cpe:2.3:a:gluster:glusterfs:3.12.10:*:*:*:*:*:*:*
    cpe:2.3:a:gluster:glusterfs:3.12.10:*:*:*:*:*:*:*
  • cpe:2.3:a:gluster:glusterfs:3.12.11:*:*:*:*:*:*:*
    cpe:2.3:a:gluster:glusterfs:3.12.11:*:*:*:*:*:*:*
  • cpe:2.3:a:gluster:glusterfs:3.12.12:*:*:*:*:*:*:*
    cpe:2.3:a:gluster:glusterfs:3.12.12:*:*:*:*:*:*:*
  • cpe:2.3:a:gluster:glusterfs:3.12.13:*:*:*:*:*:*:*
    cpe:2.3:a:gluster:glusterfs:3.12.13:*:*:*:*:*:*:*
  • cpe:2.3:a:gluster:glusterfs:4.1.0:-:*:*:*:*:*:*
    cpe:2.3:a:gluster:glusterfs:4.1.0:-:*:*:*:*:*:*
  • cpe:2.3:a:gluster:glusterfs:4.1.0:alpha:*:*:*:*:*:*
    cpe:2.3:a:gluster:glusterfs:4.1.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:gluster:glusterfs:4.1.0:rc0:*:*:*:*:*:*
    cpe:2.3:a:gluster:glusterfs:4.1.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:gluster:glusterfs:4.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:gluster:glusterfs:4.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gluster:glusterfs:4.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:gluster:glusterfs:4.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gluster:glusterfs:4.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:gluster:glusterfs:4.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gluster:glusterfs:4.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:gluster:glusterfs:4.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gluster:glusterfs:4.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:gluster:glusterfs:4.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:gluster:glusterfs:4.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:gluster:glusterfs:4.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:gluster:glusterfs:4.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:gluster:glusterfs:4.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 22-04-2022 - 19:08)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:N/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2018:2607
  • rhsa
    id RHSA-2018:2608
  • rhsa
    id RHSA-2018:3470
rpms
  • glusterfs-0:3.12.2-18.el7
  • glusterfs-0:3.12.2-18.el7rhgs
  • glusterfs-api-0:3.12.2-18.el7
  • glusterfs-api-0:3.12.2-18.el7rhgs
  • glusterfs-api-devel-0:3.12.2-18.el7
  • glusterfs-api-devel-0:3.12.2-18.el7rhgs
  • glusterfs-cli-0:3.12.2-18.el7
  • glusterfs-cli-0:3.12.2-18.el7rhgs
  • glusterfs-client-xlators-0:3.12.2-18.el7
  • glusterfs-client-xlators-0:3.12.2-18.el7rhgs
  • glusterfs-debuginfo-0:3.12.2-18.el7
  • glusterfs-debuginfo-0:3.12.2-18.el7rhgs
  • glusterfs-devel-0:3.12.2-18.el7
  • glusterfs-devel-0:3.12.2-18.el7rhgs
  • glusterfs-events-0:3.12.2-18.el7rhgs
  • glusterfs-fuse-0:3.12.2-18.el7
  • glusterfs-fuse-0:3.12.2-18.el7rhgs
  • glusterfs-ganesha-0:3.12.2-18.el7rhgs
  • glusterfs-geo-replication-0:3.12.2-18.el7rhgs
  • glusterfs-libs-0:3.12.2-18.el7
  • glusterfs-libs-0:3.12.2-18.el7rhgs
  • glusterfs-rdma-0:3.12.2-18.el7
  • glusterfs-rdma-0:3.12.2-18.el7rhgs
  • glusterfs-resource-agents-0:3.12.2-18.el7rhgs
  • glusterfs-server-0:3.12.2-18.el7rhgs
  • python2-gluster-0:3.12.2-18.el7
  • python2-gluster-0:3.12.2-18.el7rhgs
  • redhat-release-server-0:7.5-11.el7rhgs
  • redhat-storage-server-0:3.4.0.0-1.el7rhgs
  • glusterfs-0:3.12.2-18.el6
  • glusterfs-0:3.12.2-18.el6rhs
  • glusterfs-api-0:3.12.2-18.el6
  • glusterfs-api-0:3.12.2-18.el6rhs
  • glusterfs-api-devel-0:3.12.2-18.el6
  • glusterfs-api-devel-0:3.12.2-18.el6rhs
  • glusterfs-cli-0:3.12.2-18.el6
  • glusterfs-cli-0:3.12.2-18.el6rhs
  • glusterfs-client-xlators-0:3.12.2-18.el6
  • glusterfs-client-xlators-0:3.12.2-18.el6rhs
  • glusterfs-debuginfo-0:3.12.2-18.el6
  • glusterfs-debuginfo-0:3.12.2-18.el6rhs
  • glusterfs-devel-0:3.12.2-18.el6
  • glusterfs-devel-0:3.12.2-18.el6rhs
  • glusterfs-events-0:3.12.2-18.el6rhs
  • glusterfs-fuse-0:3.12.2-18.el6
  • glusterfs-fuse-0:3.12.2-18.el6rhs
  • glusterfs-ganesha-0:3.12.2-18.el6rhs
  • glusterfs-geo-replication-0:3.12.2-18.el6rhs
  • glusterfs-libs-0:3.12.2-18.el6
  • glusterfs-libs-0:3.12.2-18.el6rhs
  • glusterfs-rdma-0:3.12.2-18.el6
  • glusterfs-rdma-0:3.12.2-18.el6rhs
  • glusterfs-server-0:3.12.2-18.el6rhs
  • python2-gluster-0:3.12.2-18.el6
  • python2-gluster-0:3.12.2-18.el6rhs
  • redhat-release-server-0:6Server-6.10.0.24.el6rhs
  • redhat-storage-server-0:3.4.0.0-1.el6rhs
  • imgbased-0:1.0.29-1.el7ev
  • python-imgbased-0:1.0.29-1.el7ev
  • redhat-release-virtualization-host-0:4.2-7.3.el7
  • redhat-virtualization-host-image-update-0:4.2-20181026.0.el7_6
  • redhat-virtualization-host-image-update-placeholder-0:4.2-7.3.el7
refmap via4
confirm https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10914
gentoo GLSA-201904-06
mlist [debian-lts-announce] 20180920 [SECURITY] [DLA 1510-1] glusterfs security update
suse openSUSE-SU-2020:0079
Last major update 22-04-2022 - 19:08
Published 04-09-2018 - 14:29
Last modified 22-04-2022 - 19:08
Back to Top