17 matches found
Symlink Attack
libglusterfs.so is vulnerable to a symlink attack. The library allows the use of the / character in basenames, allowing a malicious user to conduct a symlink attack to execute arbitrary code, create arbitrary files or crash the application. The vulnerability is due to an incomplete fix of...
Arbitrary Code Execution
libglusterfs.so is vulnerable to arbitrary code execution attacks. The library does not properly sanitize file paths in the trusted.io-stats-dump attribute, allowing a malicious user to create arbitrary files or execute arbitrary code...
Unauthorized Access To Storage Volumes
libglusterfs.so is vulnerable to unauthorized access to storage volumes. The vulnerability exists due to the fix introduced for CVE-2018-1112, allowing unauthenticated users to mount the storage volumes...
Privilege Escalation
libglusterfs.so is vulnerable to privilege escalation. A malicious user can use an unauthenticated gluster client to connect and mount arbitrary gluster storage volumes that can escalate privileges through a scheduled cronjob...
Denial Of Service (DoS) Through Buffer Overflow
libglusterfs.so is vulnerable to a denial of service (DoS) attack. A malicious user can pass a variable-length buffer to the GF_XATTR_CLRLK_CMD variable through a mounted disk, causing a buffer overflow that can crash the application...
Denial Of Service (DoS)
libglusterfs.so is vulnerable to a denial of service (DoS) attack. A malicious user can pass a string using the fmt command with the %s and %d characters to cause the application to crash...
Symlink Attack
libglusterfs.so is vulnerable to a symlink attack. The library allows the use of the / character in basenames, allowing a malicious user to conduct a symlink attack to execute arbitrary code, create arbitrary files or crash the application. The vulnerability is due to an incomplete fix of...
Denial Of Service (DoS)
libglusterfs.so is vulnerable to denial of service (DoS). There are no controls to prevent dumping of files on the server side, which allows a compromised client to create io-stats dumps on the server repeatedly until all available inodes have been exhausted, resulting in a denial of service...
Denial Of Service (DoS)
libglusterfs.so is vulnerable to denial of service. A lack of validation of the xdr key size allows an authenticated remote attacker to provide a key size larger than NAME_MAX, which would cause a heap-based buffer overflow resulting in a denial of service condition...
Denial Of Service (DoS)
libglusterfs.so is vulnerable to denial of service (DoS). The attack exists because the function posix_get_file_contents in posix-helpers.c does not restrict an xattr request using glusterfs FUSE, causing a gluster brick process to crash...
Remote Code Execution (RCE)
libglusterfs.so is vulnerable to a remote code execution (RCE) attack. A malicious user can pass an RPC request to the gfs2_create_req function to execute arbitrary code or create arbitrary files...
Denial Of Service (DoS)
libglusterfs.so is vulnerable to a denial of service (DoS) attack or information disclosure. The library does not restrict the ../ characters from being passed in pathnames, allowing a malicious user to gain access to file statuses or crash the application with a malformed filename...
Directory Traversal
libglusterfs.so is vulnerable to directory traversal. The server did not validate whether symlink destinations contain the directory traversal characters ../ and allowed symlink destinations to point to file paths outside of the gluster volume. This enables an authenticated attacker to create arbitrary...
Stack-based Buffer Overflow
libglusterfs.so is vulnerable to stack-based buffer overflow. The functions in server-rpc-fopc.c allocate fixed-size buffers, which allows authenticated users to exploit the vulnerability to crash or execute code by mounting a gluster volume and sending a string longer than the fixed buffer size...
Arbitrary Code Execution
libglusterfs.so is vulnerable to arbitrary code execution attacks. The library does not properly sanitize file paths in the trusted.io-stats-dump attribute, allowing a malicious user to create arbitrary files or execute arbitrary code...
Information Disclosure
libglusterfs.so is vulnerable to information disclosure. A malicious user can send an xattr request to the application to discover what files are on the system...
Unauthorized Access To Storage Volumes
libglusterfs.so is vulnerable to unauthorized access to storage volumes. The vulnerability exists due to the fix introduced for CVE-2018-1112, allowing unauthenticated users to mount the storage volumes...