glusterfs: features/locks translator passes an user-controlled string to snprintf without a proper format string resulting in a denial of service

It was found that usage of snprintf function in feature/locks translator of glusterfs server was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service...

glusterfs: Buffer overflow in "features/locks" translator allows for denial of service

A buffer overflow was found in strncpy of the plgetxattr function. An authenticated attacker could remotely overflow the buffer by sending a buffer of larger length than the size of the key resulting in remote denial of service...

PT-2018-2608 · Red Hat +1 · Glusterfs +1

Name of the Vulnerable Software and Affected Versions: glusterfs version 3.8.4 Description: The issue is related to the usage of the snprintf function in the feature/locks translator of the glusterfs server, which is vulnerable to a format string attack. A remote, authenticated attacker could...