Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2018-10904

It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume.

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugzilla.redha...
CONFIRM: https://review.gluster...
REDHAT: RHSA-2018:2607
REDHAT: RHSA-2018:2608
MLIST: [debian-lts-announce] ...
REDHAT: RHSA-2018:3470
GENTOO: GLSA-201904-06
SUSE: openSUSE-SU-2020:0079
MLIST: [debian-lts-announce] ...

Launchpad.net

CVE 2018-10904

Related bugs

References