
CVE-2018-14659

Published: 31/10/2018 Updated: 13/02/2023
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Vulnerability Summary

The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory.

Vulnerable Product

redhat gluster file system

debian debian linux 8.0

debian debian linux 9.0

redhat enterprise linux server 7.0

redhat enterprise linux server 6.0

redhat virtualization 4.0

redhat virtualization_host 4.0

Vendor Advisories

Debian Bug report logs - #912997 glusterfs: Several security vulnerabilities. Package: glusterfs; Maintainer for glusterfs is Patrick Matthäi <pmatthaei@debian.org>; Reported by: Markus Koschany <apo@debian.org>; Date: Mon, 5 Nov 2018 18:12:01 UTC; Severity: grave; Tags: security; Found in version 4.1.4-1; Fixed in vers ...
Synopsis: Important: glusterfs security and bug fix update. Type/Severity: Security Advisory: Important. Topic: Updated glusterfs packages that fix multiple security issues and bugs are now available for Red Hat Gluster Storage 3.4 on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as h ...
Synopsis: Important: glusterfs security and bug fix update. Type/Severity: Security Advisory: Important. Topic: Updated glusterfs packages that fix multiple security issues and bugs are now available for Red Hat Gluster Storage 3.4 on Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as ...
Synopsis: Moderate: Red Hat Virtualization security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Securi ...
A flaw was found in glusterfs server which allowed clients to create io-stats dumps on server node. A remote, authenticated attacker could use this flaw to create io-stats dump on a server without any limitation and utilizing all available inodes resulting in remote denial of service ...