CVE-2018-14659 -- glusterfs-commonID: oval:org.secpod.oval:def:1901640 | Date: (C)2019-04-22 (M)2023-12-20 |
Class: VULNERABILITY | Family: unix |
The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the "GF_XATTR_IOSTATS_DUMP_KEY" xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling "setxattr" to trigger a state dump and create an arbitrary number of files in the server"s runtime directory.
Platform: |
Ubuntu 16.04 |
Ubuntu 18.10 |
Ubuntu 14.04 |
Ubuntu 18.04 |