Description
A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes.
CVSS breakdown
CVSS 3.0
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Red Hat / glusterfsn/a – n/a
References
- VENDOR_ADVISORYhttps://access.redhat.com/errata/RHSA-2018:2607
- MISChttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10929
- MAILING_LISThttps://lists.debian.org/debian-lts-announce/2018/09/msg00021.html
- VENDOR_ADVISORYhttps://access.redhat.com/errata/RHSA-2018:2608
- VENDOR_ADVISORYhttps://access.redhat.com/errata/RHSA-2018:3470
- MISChttp://www.securityfocus.com/bid/107577
- MISChttps://security.gentoo.org/glsa/201904-06
- MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html
- MAILING_LISThttps://lists.debian.org/debian-lts-announce/2021/11/msg00000.html