13 matches found
EUVD-2018-6550
Malware in sbrugna...
CVE-2018-14652
The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GFXATTRCLRLKCMD' xattr in the 'plgetxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of...
CVE-2018-14654
The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GFXATTROPENTRYINKEY' xattrop to create arbitrary, empty files on the target server...
Buffer overflow
The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GFXATTRCLRLKCMD' xattr in the 'plgetxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of...
CVE-2018-14652
The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GFXATTRCLRLKCMD' xattr in the 'plgetxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of...
CVE-2018-14654
The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GFXATTROPENTRYINKEY' xattrop to create arbitrary, empty files on the target server...
DEBIAN-CVE-2018-14652
The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GFXATTRCLRLKCMD' xattr in the 'plgetxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of...
DEBIAN-CVE-2018-14654
The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GFXATTROPENTRYINKEY' xattrop to create arbitrary, empty files on the target server...
UBUNTU-CVE-2018-14654
The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GFXATTROPENTRYINKEY' xattrop to create arbitrary, empty files on the target server...
CVE-2018-14652
The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GFXATTRCLRLKCMD' xattr in the 'plgetxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of...
CVE-2018-14652
The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GFXATTRCLRLKCMD' xattr in the 'plgetxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of...
glusterfs: "features/index" translator can create arbitrary, empty files
A flaw was found in the way glusterfs server handles client requests. A remote, authenticated attacker could set arbitrary values for the GFXATTROPENTRYINKEY and GFXATTROPENTRYOUTKEY during xattrop file operation resulting in creation and deletion of arbitrary files on glusterfs server node...
PT-2018-12645 · Red Hat +1 · Gluster +1
Name of the Vulnerable Software and Affected Versions: Gluster file system versions through 4.1.4 Description: The issue allows a remote attacker with access to mount volumes to exploit the GF XATTROP ENTRY IN KEY xattrop, creating arbitrary, empty files on the target server via abuse of the...