glusterfs: File status information leak and denial of service

A flaw was found in RPC request using gfs3lookupreq in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process...

Denial Of Service (DoS)

libglusterfs.so is vulnerable to denial of serviceDoS. The attack exists because the function posixgetfilecontents in posix-helpers.c does not restrict a xattr request using glusterfs FUSE, causing a gluster brick process to crash...

CVE-2018-10927

A flaw was found in RPC request using gfs3lookupreq in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process...

Design/Logic Flaw

A flaw was found in RPC request using gfs3lookupreq in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process...

Design/Logic Flaw

It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes...

CVE-2018-10927

A flaw was found in RPC request using gfs3lookupreq in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process. Mitigation To limit exposure of gluster server nodes : 1. gluster server should be on...